Improper access control on the API documentation endpoint in PowerShell Universal
CVE-2026-8694

5.3MEDIUM

Key Information:

Vendor: Devolutions
Status: Powershell Universal
Vendor: CVE Published:; 12 June 2026

🔔 Create Devolutions Vulnerability Alert

What is CVE-2026-8694?

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints.

Affected Version(s)

PowerShell Universal 0 <= 2026.1.7

References

https://devolutions.net/security/advisories/DEVO-2026-0016/

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2026
Vulnerability Reserved
May 15, 2026

CVE-2026-8694 Data

JSON