PT-2026-53303 · Devolutions · Powershell Universal

Published

2026-06-29

Updated

2026-06-29

CVE-2026-13437

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API responses.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-201

Related Identifiers

CVE-2026-13437

Affected Products

Powershell Universal

PT-2026-53303 · Devolutions · Powershell Universal

CVE-2026-13437

Weakness Enumeration

Related Identifiers

Affected Products

References · 2