Connectwise Automate
4 CVEs affecting Connectwise Automate. Latest disclosed: 2026-05-21. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-11492 | Critical | 9.6 | 2025-10-16 | In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-mi… |
CVE-2026-9089 | High | 8.8 | 2026-05-21 | The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is a… |
CVE-2025-11493 | High | 8.8 | 2025-10-16 | The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. Thi… |
CVE-2026-6066 | High | 7.1 | 2026-04-20 | ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client… |