CVE Catalog

CVE-2026-8694

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile — higher than 12% of all known CVEs

Summary

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints.

Risk Assessment

An attacker could gain access to sensitive information about the API interfaces, potentially leading to further attacks on the system.

Recommendation

It is recommended to upgrade to the latest version of Devolutions PowerShell Universal to address this security vulnerability.

Original NVD description (English source)

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS