PatchSiren cyber security CVE debrief
CVE-2026-8694 Devolutions CVE debrief
CVE-2026-8694 is a MEDIUM-severity vulnerability (CVSS Score: 5.3) affecting Devolutions PowerShell Universal 2026.1.7 and earlier. The vulnerability is caused by improper access control, allowing an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints.
- Vendor
- Devolutions
- Product
- PowerShell Universal
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Users of Devolutions PowerShell Universal 2026.1.7 and earlier should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N and is classified under CWE-306. The CVE record was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-8694) and additional details can be found on [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-8694).
Defensive priority
MEDIUM
Recommended defensive actions
- Apply the necessary patches or updates to Devolutions PowerShell Universal as recommended by the vendor.
- Review and restrict access to user-defined REST endpoints.
- Monitor for any suspicious activity related to the affected endpoints.
Evidence notes
The vendor is identified as Devolutions based on [ref-4](https://devolutions.net/security/advisories/DEVO-2026-0016/).
Official resources
-
CVE-2026-8694 CVE record
CVE.org
-
CVE-2026-8694 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-8694 was published on 2026-06-12T15:16:32.430Z and modified on 2026-06-12T16:16:34.547Z.