ThreatCluster

ConnectWise Automate Vulnerability Allows Code Execution Bypass

First seen 26 May 2026, 11:05 UTC GbhackersCybersecuritynews 90% similarity 71

Article Content

Browse articles
ThreatCluster

ConnectWise has issued a security update for a high-severity vulnerability in its Automate platform, tracked as CVE-2026-9089. This flaw, with a CVSS score of 8.8, enables attackers to bypass integrity verification mechanisms, potentially allowing unauthorized code execution. Affected versions are those prior to 2026.5, which are widely used by managed service providers (MSPs). The vulnerability was published on May 21, 2026, and poses significant risks to organizations relying on this remote monitoring and management tool. Users are advised to update their systems immediately to mitigate potential exploitation.

Key Points: • CVE-2026-9089 allows attackers to bypass security checks in ConnectWise Automate. • The flaw affects versions of the platform prior to 2026.5 and has a CVSS score of 8.8. • Organizations using ConnectWise Automate are urged to apply the security update promptly.

ThreatCluster AI

Timeline

2026-05-21
CVE-2026-9089 published
ConnectWise disclosed a high-severity vulnerability in its Automate platform, allowing code execution bypass.
Gbhackers
2026-05-26
Security update released
ConnectWise released a patch for the Automate platform to address CVE-2026-9089, urging users to update.
Cybersecuritynews

Community

Browse all →