Improper Input Validation in PowerShell Universal by Devolutions
CVE-2026-3563

5.5MEDIUM

Key Information:

Vendor: Devolutions
Status: Powershell Universal
Vendor: CVE Published:; 17 March 2026

🔔 Create Devolutions Vulnerability Alert

What is CVE-2026-3563?

An improper input validation flaw exists in PowerShell Universal, affecting versions before 2026.1.4. This vulnerability allows authenticated users with the capability to create or modify applications or endpoints to overwrite existing routes within the application or system. Consequently, this can lead to conflicts in URL paths, causing unintended request routing and potential service interruptions.

Affected Version(s)

PowerShell Universal 2026.1.0 < 2026.1.4

References

https://devolutions.net/security/advisories/DEVO-2026-0008

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 17, 2026
Vulnerability Reserved
Mar 4, 2026

CVE-2026-3563 Data

JSON