HIGH🇬🇧 English

CVE-2026-6066

CVSS 7.1v3.1pub. 2026-04-20upd. 2026-04-23

ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center traffic in Automate deployments. The issue has been resolved in Automate 2026.4 by enforcing secure communication for affected Solution Center connections.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
  • Connectwise Automate

    APP
    Connectwise
    < 2026.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-11492CRITICAL9.6PL ✓ten sam produkt

ConnectWise Automate Agent – nieszyfrowana komunikacja HTTP podatna na MITM

CVE-2021-35066CRITICAL9.8ten sam produkt

An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132.

CVE-2020-15027CRITICAL9.8ten sam produkt

ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing auth...

CVE-2025-11493HIGH8.8ten sam produkt

The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, suc...

CVE-2023-47257HIGH8.1ten sam produkt

ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution v...

CVE-2026-6066 — HIGH 7.1 | CVEbaza.pl