Security Update: PowerShell Universal CVE-2023-49213

PowerShell Universal

November 16, 2023

quote Discuss this Article


All supported versions of PowerShell Universal are affected by CVE-2023-49213. This vulnerability allows remote attackers to execute arbitrary commands over HTTP by exploiting the PowerShell Universal API endpoints with specially crafted requests. Please update immediately. Patched versions include:

Download Now

About CVE-2023-49213

CVE-2023-49213 is a remote code execution vulnerability that affects all supported versions of PowerShell Universal. Due to improper sanitization of input strings, an attacker can provide specially crafted input to the PowerShell Universal API endpoints to execute arbitrary commands on the server. Endpoints that require authentication will require that the attacker has valid credentials. See below for technical information about the vulnerability.

Affected Versions

All supported versions of PowerShell Universal 3.0.0 through 4.2.0.


Upgrade to PowerShell Universal to one of the following versions:

It is also possible to avoid this issue by adjusting endpoints to avoid using a param block. For example, if you have an endpoint that is implemented like this:



You would remove the param and use the $Name variable directly. The script would become the following.


Technical Details

Due to invalid processing of parameter values, certain strings would execute commands on the server when applying them to a parameter. For example, the following request would execute Start-Process on the server and open Notepad.

import requests
url = "http://localhost:5000/exploit"
payload = {'exploit': '\'(Start-Process Notepad)\''}
headers = {}
response = requests.request("PUT", url, headers=headers, data=payload, files=files)

Any endpoint that contains parameters, like below, is susceptible to this vulnerability.




Ironman Software would like to thank Héctor Cavalcanti Saavedra from Autosécurité SA for reporting this vulnerability. We encourage all users and security researchers to review our security policy and responsibly disclose any vulnerabilities to Ironman Software.



Please contact Ironman Software support.