Home

Description

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints.

PUBLISHED Reserved 2026-05-15 | Published 2026-06-12 | Updated 2026-06-12 | Assigner DEVOLUTIONS

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status
unaffected

Any version
affected

References

devolutions.net/security/advisories/DEVO-2026-0016/ (DEVO-2026-0016)

cve.org (CVE-2026-8694)

nvd.nist.gov (CVE-2026-8694)

Download JSON