CVE 6.5 MEDIUM

CVE-2026-13437_CVE-2026-13437

6.5 / 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API responses.

Basic Information

ID CVE-2026-13437
Source DEVOLUTIONS
Published Jun 29, 2026 at 15:23
Modified Jun 29, 2026 at 16:25

Affected Product

Vendor Devolutions
Product PowerShell Universal
Version 2026.2.0
Affected Versions Devolutions PowerShell Universal 2026.2.0

CWE Classification

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.