XSS in Devolutions Powershell Universal

CVE-2026-0618

Cross-site Scripting vulnerability in Devolutions PowerShell Universal.This issue affects Powershell Universal: before 4.5.6, before 5.6.13.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (17.5th percentile) — read the EPSS interpretation.

Affected products

Devolutions Powershell Universal — versions 0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

devolutions.net/security/advisories/DEVO-2026-0001/