ConnectWise Automate Transport-Layer Encryption Vulnerability in Solution Center Communications

A vulnerability exists in ConnectWise Automate prior to version 2026.4, where certain client-to-server communications in the Solution Center could occur without transport-layer encryption. This lack of encryption could enable network-based interception of Solution Center traffic in affected Automate deployments. The issue has been addressed in version 2026.4 by enforcing secure communication for the impacted Solution Center connections.

Impact

Exploitation of this vulnerability could lead to the interception of unencrypted client-to-server communications in the ConnectWise Automate Solution Center, allowing for network-based eavesdropping on sensitive traffic.

Remediation

ConnectWise Automate users should update to version 2026.4. After applying the update, on-premises customers must ensure an SSL certificate is bound to the Solution Center on port 8484 to establish secure communication. Consult the ConnectWise documentation for guidance on this configuration. Additionally, verify that the LTShare has at least 1 GB of free disk space before installation. If issues arise during the update process, ConnectWise Support can provide assistance.