CVE-2026-3277
MED 6.5The OpenID Connect (OIDC) authentication configuration in PowerShell
Universal before 2026.1.3 stores the OIDC client secret in cleartext in
the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials
Affected Applications in Environment
11
Powershell
v10.0.22621.3085
1 device
Powershell
v7.1.5.0
1 device
Powershell
v7.2.4.0
5 devices
Powershell
v10.0.26100.5074
1 device
Powershell
v7.6.0.0
3 devices
Powershell
v7.1.4.0
4 devices
Powershell
v7.5.4.0
2 devices
Powershell
v7.5.2.0
1 device
powershell
v7.5.4-1.deb
2 devices
powershell
v7.6.0-1.deb
1 device
powershell
v7.5.5-1.deb
1 device
Affected Devices
22
BRICH7
Windows
DCSHERPA
Windows
DPINFT-02609239
Windows
DPINFT-16800084
Windows
DPINFT-6P663188
Windows
DPUVDL-5LTK353
Windows
DRAGONSTONE
Windows
INTUNE-FACTORY
Windows
KWSERVERUSUE
Windows
LANDING
Windows
LUCKY
Windows
PSERVER1
Windows
QCL30626
Windows
QCL30626
Windows
QCL30626
Windows
QCL30626
Windows
SIMPLEK
Windows
STRUCTURESOLVER
Windows
intune-mcc1
Linux
intune-mcc3
Linux
refraction
Linux
seaweed
Linux