Connectwise Psa
3 CVEs affecting Connectwise Psa. Latest disclosed: 2026-01-16. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-0695 | High | 8.7 | 2026-01-16 | In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certai… |
CVE-2026-0696 | Medium | 6.5 | 2026-01-16 | In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-sid… |
CVE-2025-7204 | Medium | 6.5 | 2025-07-09 | In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Specific API r… |