CVE-2026-4064 in PowerShell Universal

Summary

by MITRE • 03/17/2026

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading sensitive data, creating or deleting resources, and disrupting service operations — via crafted gRPC requests.

Analysis

by VulDB Data Team • 03/21/2026

The vulnerability identified as CVE-2026-4064 represents a critical authorization flaw within PowerShell Universal software versions prior to 2026.1.4. This issue manifests as a failure in implementing proper access control mechanisms across multiple gRPC service endpoints, creating a significant security gap that undermines the intended role-based access control architecture. The flaw specifically affects the authentication and authorization subsystems that govern how users interact with the PowerShell Universal platform through gRPC protocols.

The technical implementation of this vulnerability stems from the absence of proper authorization validation checks within the gRPC service handlers. When authenticated users submit requests to affected endpoints, the system fails to verify whether the requesting user possesses the necessary privileges to execute the requested operations. This missing validation allows any authenticated user with a valid token to escalate their privileges and perform operations beyond their intended role scope. The gRPC protocol's design, which typically handles service-to-service communication with minimal overhead, becomes a vector for privilege escalation when proper authorization boundaries are not enforced.

From an operational impact perspective, this vulnerability creates substantial risk for organizations relying on PowerShell Universal for automation and orchestration tasks. Attackers can exploit this flaw to gain unauthorized access to sensitive system information, manipulate critical infrastructure resources, and potentially disrupt service availability. The ability to read sensitive data through crafted gRPC requests poses significant data exposure risks, while the capacity to create or delete resources allows for destructive operations that could compromise system integrity and availability. The impact extends beyond individual security breaches to potentially affect entire automation workflows and infrastructure components.

The vulnerability aligns with CWE-285, which addresses improper authorization issues in software systems, and demonstrates characteristics consistent with ATT&CK technique T1078.004, which covers legitimate credentials usage for privilege escalation. Organizations should implement immediate mitigations including upgrading to PowerShell Universal version 2026.1.4 or later, which contains the necessary authorization checks. Additional protective measures include monitoring gRPC endpoint access patterns, implementing network segmentation to limit access to these services, and conducting thorough access control reviews to ensure proper role assignments. Security teams should also consider implementing additional authentication layers and regular vulnerability assessments to prevent similar authorization bypass scenarios in other components of their automation infrastructure.
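
The gap between "has a valid token" and "holds a role allowed for this method" that the analysis describes, as an added example (not PowerShell Universal code and not part of the VulDB entry). It contrasts the flawed check with a deny-by-default one and lists exposed methods that have no policy entry, which is the kind of finding an access control review looks for; all service, method and role names are hypothetical, and the policy and caller data are constructed.

```python
# Added example. Every service, method and role name here is hypothetical.
from dataclasses import dataclass

# Constructed policy: full gRPC method name -> roles allowed to call it.
POLICY = {
    "/demo.Jobs/List": {"Reader", "Operator", "Administrator"},
    "/demo.Jobs/Start": {"Operator", "Administrator"},
    "/demo.Secrets/Read": {"Administrator"},
    "/demo.Resources/Delete": {"Administrator"},
}

# Constructed list of methods the server exposes; one has no policy entry.
REGISTERED = list(POLICY) + ["/demo.Service/Restart"]


@dataclass(frozen=True)
class Caller:
    token_valid: bool
    roles: frozenset


READER = Caller(True, frozenset({"Reader"}))
ADMIN = Caller(True, frozenset({"Administrator"}))


def authenticated_only(method, caller):
    """Flawed check: a valid token is accepted for every method."""
    return caller.token_valid


def authorize(method, caller, policy=POLICY):
    """Deny by default: valid token plus a role granted for this method."""
    if not caller.token_valid:
        return False
    allowed = policy.get(method)
    if allowed is None:  # no policy entry means nobody may call it
        return False
    return bool(allowed & caller.roles)


def unprotected_methods(registered, policy=POLICY):
    """Access-review helper: exposed methods with no policy entry."""
    return sorted(m for m in registered if m not in policy)


if __name__ == "__main__":
    for m in REGISTERED:
        print(m, authenticated_only(m, READER), authorize(m, READER))
    print("no policy:", unprotected_methods(REGISTERED))
```

In a real gRPC server the `authorize` decision would sit in a server interceptor or equivalent middleware so that it runs before every handler, including ones added later.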

Responsible: DEVOLUTIONS
Reservation: 03/12/2026
Disclosure: 03/17/2026
Moderation: accepted
CPE: ready
EPSS: 0.00022
KEV: no
Activities: very low
