EUVD-2026-23875
GHSA-h2v9-xpqq-69hx
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Lifecycle Timeline
2DescriptionNVD
ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center traffic in Automate deployments. The issue has been resolved in Automate 2026.4 by enforcing secure communication for affected Solution Center connections.
AnalysisAI
Unencrypted client-server communications in ConnectWise Automate Solution Center expose sensitive data to network interception in all versions before 2026.4. Remote authenticated attackers with network access can capture Solution Center traffic containing potentially high-value confidential information (CVSS:3.1 C:H). …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all ConnectWise Automate Solution Center deployments and identify which versions are deployed (all versions before 2026.4 are affected). Within 7 days: Implement network segmentation to restrict Solution Center traffic to trusted network segments only and deploy TLS/SSL inspection or network monitoring to detect unencrypted sensitive data transmission. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today