CVE-2026-3277

Published: Feb 27, 2026Modified: Mar 30, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials

Affected (1)

Products: Ironmansoftware: Powershell Universal

Ironmansoftware

1 product

Powershell Universal

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ironmansoftware Powershell Universal	Before 2026.1.3

Related CWEs

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (1)

https://devolutions.net/security/advisories/DEVO-2026-0006

Source: security@devolutions.net

Third Party Advisory

Timeline

No history available yet.