CVE-2026-4064

Name of the Vulnerable Software and Affected Versions PowerShell Universal versions prior to 2026.1.4

Description The software contains missing authorization checks on multiple gRPC service endpoints. An authenticated user possessing any valid token can bypass role-based access controls. This allows the user to perform privileged operations, including reading sensitive data, creating or deleting resources, and disrupting service operations, through crafted gRPC requests. The issue affects the gRPC service endpoints. The vulnerability allows bypassing of role-based access controls using crafted gRPC requests.

Recommendations Versions prior to 2026.1.4 should be updated to version 2026.1.4 or later.