Platform
dotnet
Component
powershell-universal
Fixed version
2026.1.3
CVE-2026-3277 affects PowerShell Universal versions prior to 2026.1.3. This vulnerability arises from the insecure storage of the OpenID Connect (OIDC) client secret within the .universal/authentication.ps1 script. An attacker who gains read access to this file can extract the secret, potentially leading to unauthorized access and privilege escalation.
The primary impact of CVE-2026-3277 is the exposure of the OIDC client secret. This secret is crucial for authenticating PowerShell Universal with OIDC identity providers. If an attacker obtains this secret, they can impersonate legitimate users or services, potentially gaining access to sensitive data and systems. The scope of the impact depends on the permissions granted to the OIDC application and the sensitivity of the resources it accesses. This vulnerability could enable lateral movement within a network if the compromised PowerShell Universal instance has access to other systems.
CVE-2026-3277 was publicly disclosed on 2026-02-27. Exploitation probability is considered medium due to the relatively straightforward nature of the exploit (reading a file) and the potential impact. No public proof-of-concept (POC) code has been released as of this writing, but the vulnerability's simplicity suggests that a POC could be developed quickly. It is not currently listed on CISA KEV.
Organizations utilizing PowerShell Universal for automation and configuration management, particularly those relying on OIDC authentication, are at risk. Environments with less stringent file system permissions or shared user accounts are especially vulnerable. Teams using PowerShell Universal within CI/CD pipelines should also be prioritized for remediation.
• windows / dotnet:
Get-ChildItem -Path "$env:USERPROFILE/.universal/" -Filter authentication.ps1 -Recurse
• windows / dotnet:
Get-Acl -Path "$env:USERPROFILE/.universal/authentication.ps1" | Select-Object -ExpandProperty Access
• generic web:
Inspect the .universal/authentication.ps1 file (if accessible) for cleartext secrets. Look for strings resembling client secrets or passwords.
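The two checks above can be combined into one audit script that both looks for a secret written as a string literal and flags ACL entries that give broad principals read access. This is an added example, not part of the advisory or of PowerShell Universal itself; the file path, the regex for a secret assignment and the list of "broad" principals are assumptions to adjust to your deployment.

```powershell
# Added example (not from the advisory): audit authentication.ps1 for a
# cleartext OIDC client secret and for read access granted to broad groups.
# Assumptions: the file lives under the user profile as in the advisory's
# detection commands; the secret is assigned as a quoted literal next to a
# name containing 'Secret'. Adjust $Path and $secretPattern as needed.
param(
    [string]$Path = (Join-Path $env:USERPROFILE ".universal\authentication.ps1")
)

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Output "Not found: $Path"
    return
}

$findings = @()

# Check 1: a quoted literal of 8+ characters after a name containing 'Secret'.
# A value read from Get-Secret or an environment variable does not match.
$secretPattern = '(?i)Secret\w*\s*[=:]?\s*["''][^"'']{8,}["'']'
foreach ($m in (Select-String -LiteralPath $Path -Pattern $secretPattern)) {
    $findings += [pscustomobject]@{
        Check  = 'CleartextSecret'
        Detail = "line $($m.LineNumber): secret assigned as a string literal"
    }
}

# Check 2: Allow ACEs that include the ReadData right for broad principals.
# Note: inherited ACEs expressed as generic rights show up as raw integers
# and are not decoded here; review those entries manually.
$broadPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')
$readData = [System.Security.AccessControl.FileSystemRights]::ReadData
$acl = Get-Acl -LiteralPath $Path
foreach ($ace in $acl.Access) {
    $grantsRead = (($ace.FileSystemRights -band $readData) -ne 0)
    if ($ace.AccessControlType -eq 'Allow' -and $grantsRead -and
        ($broadPrincipals -contains $ace.IdentityReference.Value)) {
        $findings += [pscustomobject]@{
            Check  = 'BroadReadAccess'
            Detail = "$($ace.IdentityReference.Value) has $($ace.FileSystemRights)"
        }
    }
}

if ($findings.Count -eq 0) { Write-Output "No findings for $Path" }
else { $findings | Format-Table -AutoSize }
```

Either finding type indicates the file should be tightened (owner and the service account only) until the instance is upgraded to 2026.1.3 or later.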
disclosure
Exploitation status
EPSS
0.01% (1st percentile)
The primary mitigation for CVE-2026-3277 is to immediately upgrade PowerShell Universal to version 2026.1.3 or later. This version addresses the vulnerability by securely storing the OIDC client secret. If upgrading is not immediately feasible, consider restricting access to the .universal/authentication.ps1 file to only authorized personnel. Implement robust file system permissions and auditing to detect any unauthorized access attempts. While not a direct fix, reviewing and tightening OIDC application permissions can limit the potential damage if the secret is compromised.
Upgrade PowerShell Universal to version 2026.1.3 or later. This fixes the vulnerability that stores the OIDC client secret in plaintext. The update can be performed through the admin panel or by downloading the latest version from the vendor's website.
CVE-2026-3277 is a critical vulnerability in PowerShell Universal where the OIDC client secret is stored in cleartext within the authentication script, allowing unauthorized access if the file is readable.
If you are using a PowerShell Universal version in the range 0-2026.1.3 (that is, any release before the 2026.1.3 fix) and have not upgraded, you are potentially affected by this vulnerability. Assess your environment immediately.
Upgrade PowerShell Universal to version 2026.1.3 or later to resolve the vulnerability. This version securely stores the OIDC client secret.
As of now, there are no confirmed reports of active exploitation, but the vulnerability's simplicity suggests it could be targeted.
Refer to the official PowerShell Universal release notes and security advisories on the project's GitHub repository for the latest information.