Platform: dotnet
Component: powershell-universal
Fixed in: 2026.1.3
CVE-2026-3277 affects PowerShell Universal versions prior to 2026.1.3. The vulnerability arises from the OpenID Connect (OIDC) client secret being stored in cleartext within the .universal/authentication.ps1 script. An attacker who gains read access to this file can extract the secret, potentially leading to unauthorized access and privilege escalation.
The primary impact of CVE-2026-3277 is the exposure of the OIDC client secret. This secret is crucial for authenticating PowerShell Universal with OIDC identity providers. If an attacker obtains this secret, they can impersonate legitimate users or services, potentially gaining access to sensitive data and systems. The scope of the impact depends on the permissions granted to the OIDC application and the sensitivity of the resources it accesses. This vulnerability could enable lateral movement within a network if the compromised PowerShell Universal instance has access to other systems.
CVE-2026-3277 was publicly disclosed on 2026-02-27. Exploitation probability is considered medium because the exploit itself is straightforward (reading a file) and the potential impact is significant. No public proof-of-concept (POC) code has been released as of this writing, but the vulnerability's simplicity suggests that a POC could be developed quickly. It is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Exploit Status
EPSS: 0.01% (1% percentile)
The primary mitigation for CVE-2026-3277 is to immediately upgrade PowerShell Universal to version 2026.1.3 or later. This version addresses the vulnerability by securely storing the OIDC client secret. If upgrading is not immediately feasible, restrict access to the .universal/authentication.ps1 file to authorized personnel only. Implement robust file system permissions and auditing to detect any unauthorized access attempts. While not a direct fix, reviewing and tightening the OIDC application's permissions can limit the potential damage if the secret is compromised.
Update PowerShell Universal to version 2026.1.3 or later. This will correct the vulnerability that stores the OIDC client secret in plaintext. The update can be performed through the administration panel or by downloading the latest version from the vendor's website.
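As a stop-gap while the upgrade is scheduled, the file-permission and auditing controls described above can be applied with the following PowerShell, run elevated on the Windows host. This is an added example, not code from the advisory or from the PowerShell Universal project; the repository path, the service account name, and the `ClientSecret` pattern it searches for are assumptions to adjust to your deployment.

```powershell
# Added example; not code from the advisory or the PowerShell Universal project.
# Hardens and audits the .universal\authentication.ps1 file named in the advisory.
# Assumptions (not from the advisory): the repository path, the service account
# and the 'ClientSecret' search pattern are placeholders to adjust.
param(
    [string]$RepositoryPath = 'C:\PATH\TO\PSU\Repository',   # placeholder: your PSU repository folder
    [string]$ServiceAccount = 'NT AUTHORITY\SYSTEM'          # assumption: account the PSU service runs as
)

$scriptFile = Join-Path $RepositoryPath '.universal\authentication.ps1'
if (-not (Test-Path -LiteralPath $scriptFile)) {
    throw "Not found: $scriptFile (set -RepositoryPath to your PowerShell Universal repository)"
}

$readDataBit = [int][System.Security.AccessControl.FileSystemRights]::ReadData

# 1. Report every identity that can currently read the file (inherited or explicit),
#    so the pre-hardening exposure is on record.
$acl = Get-Acl -LiteralPath $scriptFile
$readers = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and (([int]$_.FileSystemRights -band $readDataBit) -ne 0)
}
Write-Host "Identities with read access before hardening:"
$readers | ForEach-Object { Write-Host ("  {0}  ({1})" -f $_.IdentityReference, $_.FileSystemRights) }

# 2. Replace the DACL: stop inheriting from the folder, drop every existing ACE,
#    and allow only local Administrators and the service account.
$acl.SetAccessRuleProtection($true, $false)   # protect from inheritance; do not copy inherited ACEs
foreach ($ace in @($acl.Access)) { [void]$acl.RemoveAccessRule($ace) }
foreach ($identity in @('BUILTIN\Administrators', $ServiceAccount)) {
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new($identity, 'FullControl', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $scriptFile -AclObject $acl

# 3. Audit every read attempt (success and failure) by anyone. Reads are logged as
#    Event ID 4663 in the Security log once the "File System" object-access
#    audit subcategory is enabled on the host.
$auditAcl = Get-Acl -LiteralPath $scriptFile -Audit
$auditRule = [System.Security.AccessControl.FileSystemAuditRule]::new('Everyone', 'ReadData', 'Success,Failure')
$auditAcl.AddAuditRule($auditRule)
Set-Acl -LiteralPath $scriptFile -AclObject $auditAcl

# 4. Flag a client secret still embedded as a string literal in the script so the
#    upgrade to 2026.1.3 can be prioritised. 'ClientSecret' is an assumed parameter
#    name (the advisory does not name it) and the pattern is a heuristic: it only
#    catches a quoted literal directly after the parameter. The line number is
#    printed, never the value.
$hits = Select-String -LiteralPath $scriptFile -Pattern 'ClientSecret\s+["'']'
if ($hits) {
    foreach ($h in $hits) {
        Write-Warning "Literal client secret on line $($h.LineNumber) of $scriptFile"
    }
} else {
    Write-Host "No quoted client secret literal found in $scriptFile"
}
```

Setting the audit rule (step 3) requires the script to run with administrative rights, and events only appear after enabling the subcategory, for example with `auditpol /set /subcategory:"File System" /success:enable /failure:enable`. On a Linux host the equivalent of step 2 is to make the service account the owner and set the file mode to 600.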
CVE-2026-3277 is a critical vulnerability in PowerShell Universal where the OIDC client secret is stored in cleartext within the authentication script, allowing unauthorized access if the file is readable.
If you are running any PowerShell Universal version earlier than 2026.1.3 and have not upgraded, you are potentially affected by this vulnerability. Assess your environment immediately.
Upgrade PowerShell Universal to version 2026.1.3 or later to resolve the vulnerability. This version securely stores the OIDC client secret.
As of now, there are no confirmed reports of active exploitation, but the vulnerability's simplicity suggests it could be targeted.
Refer to the official PowerShell Universal release notes and security advisories on the project's GitHub repository for the latest information.