CVE-2026-6066
Unencrypted Communication Vulnerability in ConnectWise Automate Solution Center
Publication date: 2026-04-20
Last updated on: 2026-04-23
Assigner: ConnectWise
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| connectwise | automate | to 2026.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability involves client-to-server communications occurring without transport-layer encryption, which could allow network-based interception of traffic. Such a security issue may impact compliance with standards and regulations like GDPR and HIPAA that require protection of sensitive data in transit.
By allowing unencrypted communications, the vulnerability could lead to unauthorized access or disclosure of sensitive information, potentially violating data protection requirements.
The issue has been resolved in Automate 2026.4 by enforcing secure communication, which helps restore compliance with these standards by ensuring data confidentiality during transmission.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves certain client-to-server communications within the ConnectWise Automate Solution Center occurring without transport-layer encryption, specifically on port 8484 before the 2026.4 update.
To detect this vulnerability on your network or system, you can monitor network traffic to check if communications to the Solution Center are occurring without SSL encryption.
- Use network packet capture tools like Wireshark or tcpdump to capture traffic on port 8484 and verify if the traffic is unencrypted (cleartext).
- Example tcpdump command to capture traffic on port 8484: sudo tcpdump -i any port 8484 -w capture.pcap
- Analyze the captured packets in Wireshark to check if the traffic is using SSL/TLS or is unencrypted.
- Check the ConnectWise Automate version installed; versions prior to 2026.4 are vulnerable. You can verify the version via the application interface or command line if supported.
Can you explain this vulnerability to me?
This vulnerability exists in ConnectWise Automate's Solution Center where certain client-to-server communications could occur without transport-layer encryption. This means that data transmitted between clients and the server might not be securely encrypted, allowing potential interception by attackers on the network.
The issue has been fixed in Automate version 2026.4 by enforcing secure communication for the affected Solution Center connections.
How can this vulnerability impact me? :
Because the communications could occur without encryption, an attacker on the same network could intercept sensitive data transmitted between clients and the ConnectWise Automate Solution Center. This could lead to exposure of confidential information.
The CVSS score of 7.1 indicates a high severity impact, with potential high confidentiality impact and low integrity impact, but no impact on availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update ConnectWise Automate to version 2026.4 or later, which enforces secure communication for affected Solution Center connections.