CVE-2026-3563 in PowerShell Universal
Summary
by MITRE • 03/17/2026
Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of service via a conflicting URL path.
Analysis
by VulDB Data Team • 03/21/2026
CVE-2026-3563 is a critical input validation flaw in PowerShell Universal affecting versions prior to 2026.1.4. It resides in the application and endpoint configuration components of the platform, where insufficient validation of user-supplied input lets an authenticated attacker manipulate the system's request routing. Because the flaw sits in the configuration features that let authorized users create or modify Apps and Endpoints, it is particularly dangerous in environments where several administrators hold those permissions.
Exploitation consists of submitting a URL path that conflicts with an existing route. When an authenticated user with the required permissions saves an App or Endpoint configuration whose URL path overlaps an existing application or system route, the platform does not reject it, and the new configuration overrides the legitimate routing rule. The request router is then in a compromised state: requests may be directed to unintended destinations, or the routing conflict may leave certain endpoints unreachable.
The operational impact goes beyond routing disruption to denial of service conditions that affect system availability and functionality. Once conflicting URL paths are introduced, the system can behave unpredictably: legitimate requests fail to reach their intended destinations and failures cascade through the applications that depend on them. The resulting routing problems can persist until an administrator intervenes manually, leading to extended downtime for users who rely on PowerShell Universal for automation and management tasks.
The underlying flaw is classified as CWE-20 (improper input validation) and shows how missing validation in a configuration management interface can become a significant security risk. From an attack perspective, the vulnerability is mapped to the ATT&CK techniques T1059.001 (command and scripting interpreter) and T1566.001 (spearphishing attachment), since an attacker could use the routing manipulation to redirect traffic to malicious endpoints or to set up conditions for further exploitation. Because exploitation requires authentication, the vulnerability mainly affects environments with weak privileged access controls or where administrative credentials have already been compromised.
Organizations should upgrade to PowerShell Universal 2026.1.4 or later, which contains the input validation fix. Further measures include enforcing strict access controls on App and Endpoint configuration permissions, monitoring for unexpected routing changes, and establishing configuration management procedures that include input sanitization and validation checks. Network segmentation and monitoring should be in place to detect anomalous routing behavior that may indicate exploitation. The vulnerability underlines the need to validate every user input in configuration management interfaces: a seemingly minor validation gap can have significant operational and security impact in an enterprise automation platform.
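As an added example (not PowerShell Universal's code), this is the kind of pre-registration check the analysis describes as missing: a route-conflict validator that rejects a proposed App or Endpoint path when it duplicates, shadows, or would be captured by an existing system or application route. The route table, its owners and the system paths are constructed for the example, and the `{id}` / `:id` parameter syntaxes are assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed route table: platform-owned routes plus two user-created
# items. Not PowerShell Universal's real route list.
ROUTE_TABLE: Dict[str, str] = {
    "/admin": "system",
    "/api/v1/{resource}": "system",
    "/login": "system",
    "/dashboard": "app:Dashboard",
    "/user/{id}": "endpoint:GetUser",
}

# Assumed parameter syntaxes: "{name}" or ":name" match any single segment.
PARAM = re.compile(r"^(\{[^}]+\}|:[^/]+)$")


def normalize(path: str) -> List[str]:
    """Lower-case, drop surrounding slashes and split into segments."""
    path = "/" + path.strip().strip("/")
    return [] if path == "/" else path.lower().split("/")[1:]


def classify(new: List[str], old: List[str]) -> Optional[str]:
    """Return how two route templates collide, or None if no URL matches both.
    A parameter segment matches any literal; a route that is a strict prefix
    of another is treated as a conflict, since a base URL normally captures
    everything beneath it (conservative by design)."""
    for x, y in zip(new, old):
        if x != y and not (PARAM.match(x) or PARAM.match(y)):
            return None  # differing literal segments: paths are disjoint
    if len(new) == len(old):
        return "exact" if new == old else "parameter"
    return "prefix"


def validate_route(new_path: str, existing: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (existing_path, owner, kind) for every conflict; empty means safe."""
    new = normalize(new_path)
    hits = []
    for path, owner in existing.items():
        kind = classify(new, normalize(path))
        if kind:
            hits.append((path, owner, kind))
    return hits


if __name__ == "__main__":
    for candidate in ["/Admin/", "/api", "/user/:name", "/reports/daily"]:
        print(candidate, "->", validate_route(candidate, ROUTE_TABLE) or "OK")
```

A conflict of kind `exact` or `prefix` against a `system` owner is the case the advisory describes; refusing to save the configuration at that point is the fix, and logging the rejected request gives defenders a signal to alert on.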