Connectwise Security Vulnerabilities (CVEs)
Track 13 security vulnerabilities affecting Connectwise products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This is a stored cross-site scripting (XSS) vulnerability in ConnectWise PSA's Time Entry Audit Trail feature. Attackers can inject malicious scripts ...
Jan 16, 2026ConnectWise PSA versions before 2026.1 fail to set HttpOnly attribute on certain session cookies, potentially allowing client-side scripts to access s...
Jan 16, 2026This vulnerability in ScreenConnect's Certificate Signing Extension could expose encrypted Azure Key Vault configuration values to unauthenticated use...
Dec 18, 2025This vulnerability allows authorized or administrative users to install and execute untrusted extensions on ScreenConnect servers, potentially leading...
Dec 11, 2025CVE-2025-11492 allows man-in-the-middle attacks against ConnectWise Automate Agent when configured to use HTTP instead of HTTPS. An attacker on the ne...
Oct 16, 2025This vulnerability allows attackers to extract a hardcoded AES decryption key from ConnectWise Risk Assessment's password encryption utility via rever...
May 19, 2025CVE-2025-3935 is a ViewState code injection vulnerability affecting ScreenConnect versions 25.2.3 and earlier. Attackers with compromised machine keys...
Apr 25, 2025This path traversal vulnerability in ConnectWise ScreenConnect allows attackers to bypass authentication and potentially execute remote code or access...
Feb 21, 2024CVE-2024-1709 is an authentication bypass vulnerability in ConnectWise ScreenConnect that allows attackers to access administrative functions without ...
Feb 21, 2024This vulnerability in ConnectWise ScreenConnect allows man-in-the-middle attackers to send crafted messages that can lead to remote code execution. It...
Feb 1, 2024This vulnerability in ConnectWise Control (formerly ScreenConnect) allows attackers to modify signed executable files without invalidating their digit...
Feb 13, 2023This CVE describes an XML External Entity (XXE) vulnerability in ConnectWise Automate that allows attackers to read arbitrary files from the server fi...
Jun 21, 2021This is a blind SQL injection vulnerability in ConnectWise Automate's core agent inventory communication. Attackers can exploit it to extract sensitiv...
Jun 17, 2021Why Monitor Connectwise Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 13+ known vulnerabilities affecting Connectwise products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Connectwise packages in under 60 seconds. No agents required - completely agentless scanning that works across Connectwise deployments.
Free vulnerability database: Access detailed information about every Connectwise CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Connectwise CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
