{"data":{"id":"f6702ff7-93f6-48fd-bf5f-d29ecaa220ba","title":"CVE-2026-13437: Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 a","summary":"A vulnerability in Devolutions PowerShell Universal 2026.2.0 allows authenticated users with AI Agent read access to obtain sensitive authentication tokens (reusable credentials that grant access to systems) because these tokens are sent in plaintext (unencrypted, readable text) in job API (an interface for running automated tasks) responses. This could allow attackers to gain higher-level access than they should have.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-13437","publishedAt":"2026-06-29T16:16:35.773Z","cveId":"CVE-2026-13437","cweIds":["CWE-201"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["pii_leakage"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Devolutions PowerShell Universal"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-29T16:16:35.773Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.72,"researchCategory":null,"atlasIds":null}}