CVE-2026-3277

CVE-2026-3277

Vendor Devolutions
Product PowerShell Universal
Weakness CWE-312 · Cleartext storage
Published February 27, 2026
Last update March 30, 2026

CVSS base score

What the vulnerability does

01Description

The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials

Key dates

02Disclosure timeline

February 27, 2026 CVE published
March 30, 2026 Record updated