CVE-2026-3563

Published: Mar 17, 2026Modified: Mar 19, 2026

5.5

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

Exploitability: 1.2 / Impact: 4.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of service via a conflicting URL path.

Affected (1)

Products: Ironmansoftware: Powershell Universal

Ironmansoftware

1 product

Powershell Universal

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ironmansoftware Powershell Universal	Before 2026.1.4

Related CWEs

Improper Validation of Unsafe Equivalence in Input

The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input is equivalent to a potentially-unsafe value.

References (1)

https://devolutions.net/security/advisories/DEVO-2026-0008

Source: security@devolutions.net

Vendor Advisory

Timeline

No history available yet.