PT-2026-3252 · Connectwise · Connectwise Psa
Petar Sever
·
Published
2026-01-16
·
Updated
2026-01-27
·
CVE-2026-0696
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ConnectWise PSA versions prior to 2026.1
Description
Certain session cookies were not configured with the HttpOnly attribute in affected versions. This could potentially allow client-side scripts to access session cookie values.
Recommendations
Update to version 2026.1 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Connectwise Psa