We are reporting a Critical vulnerability (SC2016-003-136430), for an open source component (Sitecore PowerShell Extensions), which the Sitecore Experience Accelerator is dependent upon. You are also at risk if you used the open source Sitecore PowerShell Extensions module in other projects.
Please note that the Sitecore PowerShell Extensions module is not distributed with Sitecore software and is not a part of the default Sitecore Installation.
We encourage Sitecore customers and partners to familiarize themselves with the information below and apply the recommended fix to all affected Sitecore systems.
If you would like to receive notifications about new Security Bulletins, please subscribe to the Security Bulletins RSS Feed.