CVE Catalog
CVE-2026-8694
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk0.22%
12th percentile — higher than 12% of all known CVEs
Summary
Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints.
Risk Assessment
An attacker could gain access to sensitive information about the API interfaces, potentially leading to further attacks on the system.
Recommendation
It is recommended to upgrade to the latest version of Devolutions PowerShell Universal to address this security vulnerability.
Original NVD description (English source)
Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints.

