CVE-2026-3277

Cleartext Storage of OIDC Client Secret in PowerShell Universal

Description

The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials

INFO

Published Date :

2026-02-27T15:11:18.252Z

Last Modified :

2026-03-30T20:43:33.695Z

Source :

DEVOLUTIONS

AFFECTED PRODUCTS

The following products are affected by CVE-2026-3277 vulnerability.

Vendors	Products
Devolutions	Powershell Universal
Ironmansoftware	Powershell Universal

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-3277.

URL	Resource
https://devolutions.net/security/advisories/DEVO-2026-0006

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact