connectwise

Top products

The 15 most recently published vulnerabilities affecting connectwise.

• CVE-2026-11596In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify ...4.7Jun 10, 2026
• CVE-2026-9089The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5.8.8May 21, 2026
• CVE-2026-6066Unencrypted Client‑Server Communication in ConnectWise Automate™ Solution Center7.1Apr 20, 2026
• CVE-2026-3564ScreenConnect Instance Level Cryptographic Material Exposure9.0Mar 17, 2026
• CVE-2026-0696Session Cookies Missing HttpOnly Attribute6.5Jan 16, 2026
• CVE-2026-0695Stored XSS in Time Entry Audit Trail8.7Jan 16, 2026
• CVE-2025-14823Certificate Signing Extension Returns Encrypted Values5.3Dec 18, 2025
• CVE-2025-14265Improper server-side validation in ScreenConnect extension framework9.1Dec 11, 2025
• CVE-2025-11493Self-Update Verification Mechanism Process in ConnectWise Automate8.8Oct 16, 2025
• CVE-2025-11492HTTP Configuration and Encryption in Transit9.6Oct 16, 2025
• CVE-2025-7204Exposure of password hashes via API responses in ConnectWise PSA6.5Jul 9, 2025
• CVE-2025-4876Hardcoded Key Revealed in ConnectWise Password Encryption Utility6.0May 19, 2025
• CVE-2025-3935ScreenConnect Exposure to ASP.NET ViewState Code InjectionKEV8.1Apr 25, 2025
• CVE-2024-1709Authentication bypass using an alternate path or channelKEV10.0Feb 21, 2024
• CVE-2024-1708Improper limitation of a pathname to a restricted directory (“path traversal”)KEV8.4Feb 21, 2024