6.8
PowerShell Universal stores OpenID Connect secret in plain text
CVE-2026-3277
Summary
PowerShell Universal versions before 2026.1.3 store the OpenID Connect (OIDC) client secret in plain text in the .universal/authentication.ps1 script. An attacker with read access to that file can obtain the OIDC client credentials. Update to version 2026.1.3 or later to fix this issue.
Original title
The OpenID Connect (OIDC) authentication configuration in PowerShell
Universal before 2026.1.3 stores the OIDC client secret in cleartext in
the .universal/authentication.ps1 script, which allows...
Original description
The OpenID Connect (OIDC) authentication configuration in PowerShell
Universal before 2026.1.3 stores the OIDC client secret in cleartext in
the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials
Vulnerability type
CWE-312
Cleartext Storage of Sensitive Information
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026