PT-2026-42478 · Connectwise · Automate Agent
Published
2026-05-21
·
Updated
2026-05-27
·
CVE-2026-9089
CVSS v3.1
8.8
High
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ConnectWise Automate versions prior to 2026.5
Description
The ConnectWise Automate Agent fails to fully verify the authenticity of components obtained during plugin loading and self-update operations. This lack of integrity checks during the download of code could allow for remote code execution.
Recommendations
Update to version 2026.5.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Automate Agent