What is CVE-2026-0695?

CVE-2026-0695 is a high-severity vulnerability in Connectwise Psa, classified under Cross-site Scripting. CVSS score: 8.7/10. Published 2026-01-16.

How severe is CVE-2026-0695?

High severity. CVSS v3 base score is 8.7 out of 10.

XSS in Connectwise Psa

CVE-2026-0695

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execu…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (4.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N.

Affected products

Connectwise Psa — versions All versions prior to 2026.1

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

www.connectwise.com/company/trust/security-bulletins/2026-01-15-psa-security-fix
www.themissinglink.com.au/security-advisories/cve-2026-0695

Frequently asked questions

What is CVE-2026-0695?: CVE-2026-0695 is a high-severity vulnerability in Connectwise Psa, classified under Cross-site Scripting. CVSS score: 8.7/10. Published 2026-01-16.
How severe is CVE-2026-0695?: High severity. CVSS v3 base score is 8.7 out of 10.