Auth bypass in Devolutions Powershell Universal

CVE-2026-4064

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including re…

Vulnerability class: Broken Access Control

EPSS: 0.000 (6.4th percentile) — read the EPSS interpretation.