CVE-2026-3277
CWE-312Published: February 27, 2026· Updated: Mar 2, 2026
Official Description
The OpenID Connect (OIDC) authentication configuration in PowerShell
Universal before 2026.1.3 stores the OIDC client secret in cleartext in
the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials
Technical Analysis
CVE-2026-3277 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
Exploit & PoC Resources
News & Research Mentioning CVE-2026-3277
View CSAF Summary Hitachi Energy is aware of vulnerabilities that affect RTU500 product versions listed in this document. If exploited, these vulnerabilities primarily impact product availability, with potential secondary impacts on confidentiality and integrity. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. The following versions of Hitachi Energy RTU500 are affected: RTU500 series CMU Firmware vers:RTU500_series_CMU_Firmware/>=12.7.1| =13.5.1| =13.6.1| =13.7.1| =13.7.1|<=13.7.7 (CVE-2025-69421, CVE-2026-24515, CVE-2026-25210, CVE-2026-32776, CVE-2026-32777, CVE-2026-32778, CVE-2026-8479, CVE-2025-69421, CVE-2026-24515, CVE-2026-25210, CVE-2026-32776, CVE-2026-32777, CVE-2026-32778, CVE-2026-8479 [xlite_meta score:73 src:CISA Alerts xlite_fp:e0302865b72e9b97b1771d4c965cf7af6cfe4bd6f8338fe2df4d820e2ee37607]
All References (1)
Quick Facts
Related CVEs (CWE-312)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-3277 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts