PowerShell Universal and PowerShell Pro Tools - CVE-2021-26701

July 7, 2021

Discuss this Article

CVE-2021-26701 is a .NET Core vulnerability that affects applications built with the framework. PowerShell Universal and PowerShell Pro Tools for Visual Studio code, PSCommander and the TUI Designer are built with this framework.

Affected Products and Versions

PowerShell Universal 1.5.20 and below
PowerShell Universal 2.1.1 and below
PowerShell Pro Tools for Visual Studio Code 5.28.8 and below
PSCommander 1.4.6 and below
TUI Designer 0.3-beta and below

Remediation

PowerShell Universal 1.5.20 and below -> Upgrade to 1.5.21 or later
PowerShell Universal 2.1.1 and below -> Upgrade to 2.1.2 or later
PowerShell Pro Tools for Visual Studio Code 5.28.8 and below -> Upgrade to 5.28.9 or later
PSCommander 1.4.6 and below -> Upgrade to 1.4.7 or later
TUI Designer 0.3-beta and below -> Upgrade to 0.4-beta or later

Discussion

The vulnerability is located within the System.Text.Encodings.Web package. Although none of our products use this directly, they may use it indirectly through other dependencies. We recommend upgrading to a version that includes the patched version of the assembly.

Downloads

You can download new versions of our software via our downloads page.

Ironman Software Forums

Continue the conversion on the Ironman Software forums. Chat with over 1000 users about PowerShell, PowerShell Universal, and PowerShell Pro Tools.

Join Now

Ironman Software Newsletter

Receive once-a-month updates about Ironman Software. You'll learn about our product updates and blogs related to PowerShell.