CVE-2026-13437: Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 a
Summary
A vulnerability in Devolutions PowerShell Universal 2026.2.0 allows authenticated users with AI Agent read access to obtain sensitive authentication tokens (reusable credentials that grant access to systems) because these tokens are sent in plaintext (unencrypted, readable text) in job API (an interface for running automated tasks) responses. This could allow attackers to gain higher-level access than they should have.
Vulnerability Details
6.5(medium)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
network
low
low
none
June 29, 2026
Classification
Taxonomy References
Affected Vendors
Related Issues
GHSA-382c-vx95-w3p5: Gittensory: Missing contributor-scoped access control on profile endpoint and MCP tool leaks miner financial data
CVE-2026-2589: The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-13437
First tracked: June 29, 2026 at 02:07 PM
Classified by LLM (prompt v3) · confidence: 72%