CVE-2026-13437
Last modified
CVE-2026-13437 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API responses.. EPSS estimates a 0.26% chance of exploitation in the next 30 days.
Description
Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API responses.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Devolutions | Powershell Universal | 2026.2.0.0 |
References
- https://devolutions.net/security/advisories/DEVO-2026-0022/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-13437?
How severe is CVE-2026-13437?
How do I fix CVE-2026-13437?
Related CVEs from 2026
- CVE-2026-1342IBM Verify Identity Access Container 11.0 through 11.0.2 and…7.9
- CVE-2026-13422The HD Quiz plugin for WordPress is vulnerable to Cross-Site…4.3
- CVE-2026-13426The Mattermost Go module github.com/mattermost/mattermost/se…5.4
- CVE-2026-1343IBM Verify Identity Access Container 11.0 through 11.0.2 and…7.2
- CVE-2026-13430The Post Export Import with Media plugin for WordPress is vu…7.2
- CVE-2026-13434A flaw was found in KubeVirt's network annotation generator.…4.9
- CVE-2026-1344Tanium addressed an insecure file permissions vulnerability …5.5
- CVE-2026-13441The EventPrime – Events Calendar, Bookings and Tickets plugi…7.2
- CVE-2026-13443The Tutor LMS – eLearning and online course solution plugin …6.4
- CVE-2026-13449IBM Business Automation Manager Open Editions 9.0.0 through …9.1
- CVE-2026-1345IBM Verify Identity Access Container 11.0 through 11.0.2 and…7.3
- CVE-2026-13450The GamiPress – Gamification plugin to reward points, achiev…5.3
Are you affected by CVE-2026-13437?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
