CVE-2026-0618

6.1 MEDIUM

📋 TL;DR

A cross-site scripting (XSS) vulnerability in Devolutions PowerShell Universal allows attackers to inject malicious scripts into web pages viewed by other users. It affects all deployments running a 4.x release before 4.5.6 or a 5.x release before 5.6.13. Any user who accesses the vulnerable web interface is at risk.

💻 Affected Systems

Products:
  • Devolutions PowerShell Universal
Versions: All 4.x versions before 4.5.6 and all 5.x versions before 5.6.13
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects web interface components of PowerShell Universal deployments.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or deploy malware through the PowerShell Universal interface.

🟠 Likely Case

Session hijacking, credential theft, or unauthorized actions performed through the compromised user's session.

🟢 If Mitigated

Limited impact if proper input validation and output encoding are implemented, though some functionality may still be affected.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

XSS vulnerabilities typically have low exploitation complexity once the injection point is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.5.6 or 5.6.13

Vendor Advisory: https://devolutions.net/security/advisories/DEVO-2026-0001/

Restart Required: Yes

Instructions:

1. Back up your PowerShell Universal configuration and data.
2. Download the patched version (4.5.6 or 5.6.13) from the Devolutions website.
3. Install the update following the vendor's upgrade documentation.
4. Restart the PowerShell Universal service.

🔧 Temporary Workarounds

Input Validation Enhancement (all)

Implement additional input validation for user-supplied data in web forms.

Content Security Policy (all)

Implement strict Content Security Policy headers to mitigate XSS impact.

🧯 If You Can't Patch

  • Restrict network access to the PowerShell Universal interface to trusted users only
  • Implement web application firewall (WAF) rules to block XSS payloads

🔍 How to Verify

Check if Vulnerable:

Check the PowerShell Universal version in the web interface under Settings > About, or with the PowerShell command Get-PSUVersion.

Check Version:

Get-PSUVersion

Verify Fix Applied:

After patching, verify that the version is 4.5.6 or higher (for v4.x) or 5.6.13 or higher (for v5.x).

📡 Detection & Monitoring

Log Indicators:

  • Unusual script tags or JavaScript in web request logs
  • Multiple failed XSS attempts in web server logs

Network Indicators:

  • Suspicious script payloads in HTTP requests to PowerShell Universal endpoints

SIEM Query:

source="powershell_universal" AND (http_request CONTAINS "<script>" OR http_request CONTAINS "javascript:")
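An added example, not part of this advisory or of PowerShell Universal, that turns the per-branch version rule from the How to Verify section and the SIEM query above into checkable code: is_vulnerable_version applies the fixed releases (4.5.6 for 4.x, 5.6.13 for 5.x), and flag_xss_requests applies the query's two indicators to URL-decoded, lower-cased request lines so encoded or mixed-case variants are not missed. The function names and the log lines are constructed for this example.

```python
import re
from urllib.parse import unquote

# Fixed release per major branch, as stated in the advisory for CVE-2026-0618.
FIXED = {4: (4, 5, 6), 5: (5, 6, 13)}

def parse_version(text):
    """Turn '5.6.12' (a trailing suffix is ignored) into a tuple of ints."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())

def is_vulnerable_version(text):
    """True if the version precedes its branch's fixed release; None when the
    branch (anything other than 4.x or 5.x) is not covered by the advisory."""
    v = parse_version(text)
    fixed = FIXED.get(v[0])
    if fixed is None:
        return None
    return v < fixed

# Indicators from the advisory's SIEM query. "<script" (no closing bracket)
# also catches "<script src=...>"; matching runs on the decoded, lower-cased line.
INDICATORS = ("<script", "javascript:")

def flag_xss_requests(log_lines):
    """Return (line_number, indicator) for each request line carrying an indicator."""
    hits = []
    for n, line in enumerate(log_lines, start=1):
        normalised = unquote(unquote(line)).lower()  # double-decode catches %253C
        for ind in INDICATORS:
            if ind in normalised:
                hits.append((n, ind))
                break
    return hits

# Constructed sample request lines (not real PowerShell Universal logs).
SAMPLE_LOG = [
    "GET /dashboard?name=alice HTTP/1.1 200",
    "GET /dashboard?name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1 200",
    "POST /api/v1/script HTTP/1.1 200",
    "GET /login?next=JavaScript:void(0) HTTP/1.1 302",
]

if __name__ == "__main__":
    for ver in ("4.5.5", "4.5.6", "5.6.12", "5.6.13", "3.0.0"):
        print(ver, is_vulnerable_version(ver))
    print(flag_xss_requests(SAMPLE_LOG))
```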
