CVE-2026-3563
Last modified
CVE-2026-3563 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of service via a conflicting URL path.. EPSS estimates a 0.34% chance of exploitation in the next 30 days.
Description
Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of service via a conflicting URL path.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ironmansoftware | Powershell Universal | < 2026.1.4 |
References
- https://devolutions.net/security/advisories/DEVO-2026-0008Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-3563?
How severe is CVE-2026-3563?
How do I fix CVE-2026-3563?
Are you affected by CVE-2026-3563?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST