CVE-2026-0695

High CVSS: 8.7

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected content is displayed.

Vendor

Connectwise

Product

Professional Service Automation

CWE

CWE-79

Yayın Tarihi

2026-01-16 14:15:54

Güncelleme

2026-01-27 13:15:54

Source Identifier

7d616e1a-3288-43b1-a0dd-0a65d3e70a49

KEV Date Added

Kategoriler

CWE-79 Professional Service Automation HIGH Connectwise 2026

Referanslar

https://www.connectwise.com/company/trust/security-bulletins/2026-01-15-psa-security-fix https://www.themissinglink.com.au/security-advisories/cve-2026-0695

Benzer Kayıtlar

Medium

CVE-2026-0696

In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some…

Medium

CVE-2025-14823

In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure…

Critical

CVE-2025-14265

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem…

High

CVE-2025-11493

The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updat…

Critical

CVE-2025-11492

In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on…

Medium

CVE-2025-7204

In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sen…