Primary

Context

Devolutions PowerShell Universal Improper Input Validation Vulnerability Allowing URL Path Conflicts and Denial-of-Service

Vulnerability

A vulnerability exists in Devolutions PowerShell Universal versions prior to 2026.1.4, where improper input validation in the apps and endpoints configuration allows authenticated users with the right permissions to create or modify applications or endpoints. This flaw enables them to override existing application or system routes, leading to unintended request routing. The conflict in URL paths can cause a denial-of-service by disrupting normal application functionality.

Impact

Exploitation of this vulnerability can cause a denial-of-service by creating conflicting URL paths that disrupt normal application operations.

Remediation

Users are advised to upgrade to Devolutions PowerShell Universal version 2026.1.4 or later.

Added: Mar 17, 2026, 8:22 PM

Updated: Mar 17, 2026, 8:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

4.8

remediation

0.0

relevance

4.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

4.8

remediation

0.0

relevance

4.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Devolutions PowerShell Universal Improper Input Validation Vulnerability Allowing URL Path Conflicts and Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating