Primary

Context

Devolutions PowerShell Universal OpenID Connect Client Secret Storage Vulnerability

Vulnerability

A vulnerability exists in Devolutions PowerShell Universal versions prior to 2026.1.3, where the OpenID Connect (OIDC) client secret is stored in cleartext within the .universal/authentication.ps1 script. This exposure allows an attacker with read access to the file to retrieve the OIDC client credentials.

Impact

Exploitation of this vulnerability could lead to unauthorized access to OIDC client credentials, allowing an attacker to impersonate the client or access resources on behalf of the client.

Remediation

Users are advised to upgrade to Devolutions PowerShell Universal version 2026.1.3 or later.

Added: Feb 27, 2026, 4:18 PM

Updated: Feb 27, 2026, 4:18 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

3.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

3.3

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Devolutions PowerShell Universal OpenID Connect Client Secret Storage Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating