Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ConnectWise — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting ConnectWise. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ConnectWise develops IT management software for MSPs, focusing on remote monitoring, ticketing, and automation solutions. Historically, their products have faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and access controls. While no major public incidents have been widely documented, the 14 CVEs on record highlight ongoing security challenges. The company's complex architecture and extensive integrations increase attack surfaces, making regular security assessments critical for users. Their software's privileged access to client networks amplifies potential impact from exploitation.

Top products by ConnectWise: ScreenConnect PSA Automate Risk Assessment
CVE IDTitleCVSSSeverityPublished
CVE-2026-6066 Unencrypted Client‑Server Communication in ConnectWise Automate™ Solution Center — AutomateCWE-319 7.1 High2026-04-20
CVE-2026-3564 ScreenConnect Instance Level Cryptographic Material Exposure — ScreenConnectCWE-347 9.0 Critical2026-03-17
CVE-2026-0696 Session Cookies Missing HttpOnly Attribute — PSACWE-1004 6.5 Medium2026-01-16
CVE-2026-0695 Stored XSS in Time Entry Audit Trail — PSACWE-79 8.7 High2026-01-16
CVE-2025-14823 Certificate Signing Extension Returns Encrypted Values — ScreenConnectCWE-201 5.3 Medium2025-12-18
CVE-2025-14265 Improper server-side validation in ScreenConnect extension framework — ScreenConnectCWE-494 9.1 Critical2025-12-11
CVE-2025-11493 Self-Update Verification Mechanism Process in ConnectWise Automate — AutomateCWE-494 8.8 High2025-10-16
CVE-2025-11492 HTTP Configuration and Encryption in Transit — AutomateCWE-319 9.6 Critical2025-10-16
CVE-2025-7204 Exposure of password hashes via API responses in ConnectWise PSA — PSACWE-201 6.5 Medium2025-07-09
CVE-2025-4876 Hardcoded Key Revealed in ConnectWise Password Encryption Utility — Risk AssessmentCWE-321 6.0 Medium2025-05-19
CVE-2025-3935 ScreenConnect Exposure to ASP.NET ViewState Code Injection — ScreenConnectCWE-502 8.1 High2025-04-25
CVE-2024-1709 Authentication bypass using an alternate path or channel — ScreenConnectCWE-288 10.0 Critical2024-02-21
CVE-2024-1708 Improper limitation of a pathname to a restricted directory (“path traversal”) — ScreenConnectCWE-22 8.4 High2024-02-21
CVE-2022-36781 ConnectWise - ScreenConnect Session Code Bypass — ScreenConnect 5.3 Medium2022-09-28

This page lists every published CVE security advisory associated with ConnectWise. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.