{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3563", "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "state": "PUBLISHED", "assignerShortName": "DEVOLUTIONS", "dateReserved": "2026-03-04T19:53:50.594Z", "datePublished": "2026-03-17T19:15:37.820Z", "dateUpdated": "2026-03-17T20:04:00.419Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS", "dateUpdated": "2026-03-17T19:15:37.820Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1289", "description": "CWE-1289 Improper validation of unsafe equivalence in input", "type": "CWE"}]}], "affected": [{"vendor": "Devolutions", "product": "PowerShell Universal", "versions": [{"status": "affected", "version": "2026.1.0", "lessThan": "2026.1.4", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of service via a conflicting URL path.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div><div><div>Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of service via a conflicting URL path.</div></div></div>"}]}], "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2026-0008"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-17T20:03:34.884955Z", "id": "CVE-2026-3563", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T20:04:00.419Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3563", "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "state": "PUBLISHED", "assignerShortName": "DEVOLUTIONS", "dateReserved": "2026-03-04T19:53:50.594Z", "datePublished": "2026-03-17T19:15:37.820Z", "dateUpdated": "2026-03-17T20:04:00.419Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23", "shortName": "DEVOLUTIONS", "dateUpdated": "2026-03-17T19:15:37.820Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1289", "description": "CWE-1289 Improper validation of unsafe equivalence in input", "type": "CWE"}]}], "affected": [{"vendor": "Devolutions", "product": "PowerShell Universal", "versions": [{"status": "affected", "version": "2026.1.0", "lessThan": "2026.1.4", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of service via a conflicting URL path.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div><div><div>Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of service via a conflicting URL path.</div></div></div>"}]}], "references": [{"url": "https://devolutions.net/security/advisories/DEVO-2026-0008"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-3563", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-17T20:03:34.884955Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T20:03:56.949Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of service via a conflicting URL path."}], "id": "CVE-2026-3563", "lastModified": "2026-03-17T20:16:14.587", "metrics": {}, "published": "2026-03-17T20:16:14.587", "references": [{"source": "security@devolutions.net", "url": "https://devolutions.net/security/advisories/DEVO-2026-0008"}], "sourceIdentifier": "security@devolutions.net", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1289"}], "source": "security@devolutions.net", "type": "Secondary"}]}

{}

{}