CVE-2026-8694

CVE-2026-8694: Improper access control on the API documentation endpoint in PowerShell Universal

Vendor Devolutions
Product PowerShell Universal
Weakness CWE-306 · Missing auth
Published June 12, 2026
Last update June 12, 2026

CVSS base score

What the vulnerability does

01Description

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints.

Key dates

02Disclosure timeline

June 12, 2026 CVE published
June 12, 2026 Record updated