CVE-2026-0696

Medium CVSS: 6.5

In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values.

Vendor

Connectwise

Product

Professional Service Automation

CWE

CWE-1004

Yayın Tarihi

2026-01-16 14:15:54

Güncelleme

2026-01-27 13:15:54

Source Identifier

7d616e1a-3288-43b1-a0dd-0a65d3e70a49

KEV Date Added

Kategoriler

CWE-1004 Professional Service Automation MEDIUM Connectwise 2026

Referanslar

https://www.connectwise.com/company/trust/security-bulletins/2026-01-15-psa-security-fix https://www.themissinglink.com.au/security-advisories/cve-2026-0696

Benzer Kayıtlar

High

CVE-2026-0695

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered wit…

Medium

CVE-2025-14823

In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure…

Critical

CVE-2025-14265

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem…

High

CVE-2025-11493

The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updat…

Critical

CVE-2025-11492

In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on…

Medium

CVE-2025-7204

In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sen…