CVE-2026-9089

Summary

The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5.

Affected Software

VendorProductVersion RangeStatus
ConnectWiseAutomateAll versions prior to 2026.5affected

Weaknesses

  • CWE-494: CWE-494 Download of code without integrity check

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References