Back to CVE List

CVE-2026-13437

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
6.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vulnerability Description

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API responses.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-201
Source
NVD
Vendor
devolutions
Product
powershell_universal

External References

Discussion (0)

Add Comment

No comments yet. Be the first!