Ironman Software PowerShell Universal is a platform for building web-based IT tools, automation platforms, APIs, and processes using PowerShell. It allows you to run scripts, schedule PowerShell jobs, and create dashboards. With REST APIs and authentication features, PowerShell Universal provides secure and controlled execution of your scripts.

Ironman Software PowerShell Universal

The OpenID Connect (OIDC) authentication configuration in PowerShell 
Universal before 2026.1.3 stores the OIDC client secret in cleartext in 
the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2024-50616	HIGH	8.8	Ironman Software PowerShell Universal	cpe:2.3:a:ironmansoftware:powershell_universal	No	Yes	Oct 27, 2024
CVE-2026-4064	HIGH	8.3	Ironman Software PowerShell Universal	cpe:2.3:a:ironmansoftware:powershell_universal	No	Yes	Mar 17, 2026
CVE-2026-3277	MEDIUM	6.5	Ironman Software PowerShell Universal	cpe:2.3:a:ironmansoftware:powershell_universal	No	Yes	Feb 27, 2026
CVE-2026-0618	MEDIUM	6.1	Ironman Software PowerShell Universal	cpe:2.3:a:ironmansoftware:powershell_universal	No	Yes	Jan 07, 2026
CVE-2026-3563	MEDIUM	5.5	Ironman Software PowerShell Universal	cpe:2.3:a:ironmansoftware:powershell_universal	No	Yes	Mar 17, 2026

CVE-2026-3277:
Ironman Software PowerShell Universal vulnerability analysis and mitigation

6.5

Related Ironman Software PowerShell Universal vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2026-3277: Ironman Software PowerShell Universal vulnerability analysis and mitigation