CVE-2026-3277 | THREATINT

Description

The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials

PUBLISHED Reserved 2026-02-26 | Published 2026-02-27 | Updated 2026-02-27 | Assigner DEVOLUTIONS

Problem types

CWE-312 Cleartext Storage of Sensitive Information

Product status

Default status

unaffected

Any version before 2026.1.3

affected

References

devolutions.net/security/advisories/DEVO-2026-0006

cve.org (CVE-2026-3277)

nvd.nist.gov (CVE-2026-3277)

Download JSON