CVE-2026-3563 | THREATINT

Description

Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of service via a conflicting URL path.

PUBLISHED Reserved 2026-03-04 | Published 2026-03-17 | Updated 2026-03-17 | Assigner DEVOLUTIONS

Problem types

CWE-1289 Improper validation of unsafe equivalence in input

Product status

Default status

unaffected

2026.1.0 (custom) before 2026.1.4

affected

References

devolutions.net/security/advisories/DEVO-2026-0008

cve.org (CVE-2026-3563)

nvd.nist.gov (CVE-2026-3563)

Download JSON