PT-2026-22344 · Unknown · Powershell Universal
Published
2026-02-27
·
Updated
2026-02-27
·
CVE-2026-3277
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
PowerShell Universal versions prior to 2026.1.3
Description
The OpenID Connect (OIDC) authentication configuration stores the OIDC client secret in cleartext within the
.universal/authentication.ps1 script. An attacker with read access to this file can obtain the OIDC client credentials.Recommendations
Update to version 2026.1.3 or later.
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Powershell Universal