Unencrypted Client‑Server Communication in ConnectWise Automate™ Solution Center_CVE-2026-6066

7.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Description

ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center traffic in Automate deployments. The issue has been resolved in Automate 2026.4 by enforcing secure communication for affected Solution Center connections.

Basic Information

ID CVE-2026-6066

Source ConnectWise

Published Apr 20, 2026 at 15:26

Modified Apr 20, 2026 at 16:13

Affected Product

Vendor ConnectWise

Product Automate

Version All versions prior to 2026.4

Affected Versions ConnectWise Automate All versions prior to 2026.4

CWE Classification

CWE-319

References

www.connectwise.com /company/trust/security-bulletins/2026-04-20-connectwise-automate-bulletin

{
    "lastseen": "",
    "description": "ConnectWise has released a security update for ConnectWise Automate\u2122 that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network\u2011based interception of Solution Center traffic in Automate deployments. The issue has been resolved in Automate 2026.4 by enforcing secure communication for affected Solution Center connections.",
    "published": "2026-04-20T15:26:31.843Z",
    "modified": "2026-04-20T16:13:06.767Z",
    "type": "cve",
    "title": "Unencrypted Client\u2011Server Communication in ConnectWise Automate\u2122 Solution Center",
    "source": "ConnectWise",
    "references": "https://www.connectwise.com/company/trust/security-bulletins/2026-04-20-connectwise-automate-bulletin",
    "id": "CVE-2026-6066",
    "bulletinFamily": "",
    "cwe": [
        "CWE-319"
    ],
    "cvelist": null,
    "sourceData": "ConnectWise Automate All versions prior to 2026.4",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Automate",
    "version": "All versions prior to 2026.4",
    "vendor": "ConnectWise",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}