CVE-2026-9089
8.8 HIGHThe ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update opera...
Published: 2026-05-21 · Last updated: 2026-05-21
Severity and scoring
- CVSS
- 8.8 HIGH
- Vector
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-494
Description
The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-9037 — A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through...
- CVE-2026-45058 — electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client
- CVE-2026-42249 — Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled... (9.8 CRITICAL)
- CVE-2026-42248 — Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables (9.8 CRITICAL)
- CVE-2025-10539 — Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselve... (4.8 MEDIUM)