Primary

Context

ConnectWise Automate Plugin Integrity Verification Vulnerability

Vulnerability

Patched

A vulnerability exists in ConnectWise Automate Agent versions prior to 2026.5, where the agent does not fully verify the authenticity of components during plugin loading and self-update processes. This lack of proper integrity checks can lead to the execution of unverified code, potentially allowing for malicious modifications or actions.

Impact

Exploitation of this vulnerability could result in the unauthorized execution of unverified code, with the potential for malicious components to be loaded and executed by the ConnectWise Automate Agent.

Remediation

Users can update to ConnectWise Automate version 2026.5, which includes improved integrity verification for all agent components. Instructions for updating to this release are available in the ConnectWise Automate Release Notes 2026.5.

Added: May 21, 2026, 4:23 PM

Updated: May 21, 2026, 4:23 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

4.5

remediation

7.7

relevance

8.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

4.5

remediation

7.7

relevance

8.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ConnectWise Automate Plugin Integrity Verification Vulnerability

Vulnerability

Impact

Remediation

Affected Products

ConnectWise Automate

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating