Transport Layer Encryption Flaw in ConnectWise Automate by ConnectWise
CVE-2026-6066

7.1HIGH

Key Information:

Vendor: Connectwise
Status: Automate
Vendor: CVE Published:; 20 April 2026

🔔 Create Connectwise Vulnerability Alert

What is CVE-2026-6066?

A vulnerability in ConnectWise Automate's Solution Center allows client-to-server communications without transport-layer encryption, enabling the possibility for network-based interception of sensitive traffic. This issue has been mitigated in version 2026.4, which enforces secure communications for all affected connections, thereby enhancing the overall security posture of the Automate deployment.

Affected Version(s)

Automate All versions prior to 2026.4

References

https://www.connectwise.com/company/trust/security-bullet...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 20, 2026
Vulnerability Reserved
Apr 10, 2026

CVE-2026-6066 Data

JSON