CVE-2026-3563

EPSS 0.06%
Veröffentlicht 17.03.2026 19:15:37
Zuletzt bearbeitet 19.03.2026 13:04:11
Quelle security@devolutions.net
CVE-Watchlists
Login
Unerledigt
Login

Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of service via a conflicting URL path.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ironmansoftware ≫ Powershell Universal Version < 2026.1.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.174

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.2	4.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

CWE-1289 Improper Validation of Unsafe Equivalence in Input

The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input is equivalent to a potentially-unsafe value.

https://devolutions.net/security/advisories/DEVO-2026-0008

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-3563

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-3563

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-3563

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-3563