CVE-2026-9089
HIGHDescription
The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| connectwise | automate |
References
Frequently Asked Questions
What is CVE-2026-9089? +
How severe is CVE-2026-9089? +
What products are affected by CVE-2026-9089? +
How do I check if I'm vulnerable to CVE-2026-9089? +
Related Vulnerabilities
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or …
Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation …
iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These …
This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at …
A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the …
Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP …