Primary

Context

Devolutions PowerShell Universal Missing Authorization Vulnerability in gRPC Service Endpoints

Vulnerability

A vulnerability in Devolutions PowerShell Universal in versions prior to 2026.1.4 allows authenticated users with valid tokens to bypass role-based access controls on multiple gRPC service endpoints. This oversight enables users to perform privileged actions such as accessing sensitive information, managing resources (including creation and deletion), and disrupting service operations by sending crafted gRPC requests.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive data, improper management of resources, and disruption of service operations.

Remediation

Users are advised to upgrade to Devolutions PowerShell Universal version 2026.1.4 or later.

Added: Mar 17, 2026, 8:22 PM

Updated: Mar 17, 2026, 8:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.6

exploitability

5.2

remediation

0.0

relevance

4.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.6

exploitability

5.2

remediation

0.0

relevance

4.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Devolutions PowerShell Universal Missing Authorization Vulnerability in gRPC Service Endpoints

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating