CVE-2026-4064 Ironmansoftware — Exploit & Vulnerability Details HIGH

CVE-2026-4064

HIGH CVSS 3.1: 8.3 EPSS 0.04%

Parameter	Value
CVSS	8.3 (HIGH)
Affected Versions	before 2026.1.4
Fixed In	2026.1.4
Type	CWE-862 (Missing Authorization)
Vendor	Ironmansoftware
Public PoC	No

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading sensitive data, creating or deleting resources, and disrupting service operations — via crafted gRPC requests.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

Low

Partial disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-862 Missing Authorization

Vulnerable Products 1

Configuration	From (including)	Up to (excluding)
Ironmansoftware Powershell_Universal cpe:2.3:a:ironmansoftware:powershell_universal::::::::	—	`2026.1.4`

References 1

https://devolutions.net/security/advisories/DEVO-2026-0008

security@devolutions.net

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-3563

Ironmansoftware

5.5

CVE-2026-3277

Ironmansoftware

6.5

CVE-2026-0618

Ironmansoftware

6.1

Menu

CVE-2026-4064

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

References 1

Related Vulnerabilities

CVE-2026-3563

CVE-2026-3277

CVE-2026-0618

CVE Details

Editor's Choice

Menu

CVE-2026-4064

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 1

References 1

Related Vulnerabilities

CVE-2026-3563

CVE-2026-3277

CVE-2026-0618

CVE Details

Editor's Choice

Stay informed on cybersecurity