CVE-2026-3277

Severity CVSS v4.0:

Pending analysis

Type:

CWE-312 Cleartext Storage of Sensitive Information

Publication date:

27/02/2026

Last modified:

27/02/2026

Description

The OpenID Connect (OIDC) authentication configuration in PowerShell <br /> Universal before 2026.1.3 stores the OIDC client secret in cleartext in <br /> the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials

Impact

References to Advisories, Solutions, and Tools

https://devolutions.net/security/advisories/DEVO-2026-0006