CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-0696

In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.1%

CVSS Severity

CVSS v3 Score 6.5

References

https://www.connectwise.com/company/trust/security-bulletins/2026-01-15-psa-security-fix

Products affected by CVE-2026-0696

Connectwise » Professional Service Automation » Version: Any

cpe:2.3:a:connectwise:professional_service_automation:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-0696

Products

Pricing

Contact Us