Connectwise Professional Service Automation — known CVE vulnerabilities
Every CVE whose affected-product data names Connectwise Professional Service Automation, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-0695 — CVSS 8.7 (high): In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying…
CVE-2025-7204 — CVSS 6.5 (medium): In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user…
CVE-2026-0696 — CVSS 6.5 (medium): In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this…