A high-severity vulnerability has been discovered in ConnectWise PSA, identified as CVE-2026-0695. This flaw could allow an unauthenticated remote attacker to bypass security controls and gain administrative access to the system. Successful exploitation could lead to a complete system compromise, resulting in data theft, service disruption, and further network intrusion.

This vulnerability is an authentication bypass flaw within the web-based management interface of ConnectWise PSA. An unauthenticated attacker can send a specially crafted HTTP request to a specific application endpoint, which improperly processes user session data. This allows the attacker to create a valid, privileged session without providing any credentials, effectively granting them administrative control over the application.

This vulnerability is rated as High severity with a CVSS score of 8.7. A successful exploit would grant an attacker complete administrative control over the ConnectWise PSA platform, which often contains highly sensitive customer data, financial records, project details, and network credentials. The potential consequences include theft of confidential information, deployment of ransomware, disruption of critical business operations, and significant reputational damage. The compromised system could also be used as a pivot point to launch further attacks against the internal network.

Immediate Action: Apply the security patches provided by ConnectWise to all affected PSA instances immediately, prioritizing any systems exposed to the internet. After patching, thoroughly review application and system access logs for any indicators of compromise, such as unauthorized logins or suspicious administrative activity, that may have occurred prior to remediation.

Proactive Monitoring: Actively monitor web server and firewall logs for unusual requests targeting the PSA application, particularly those with malformed parameters or from untrusted IP addresses. Configure security information and event management (SIEM) systems to alert on multiple failed login attempts followed by a successful login from the same source, or any administrative actions performed outside of normal business hours.

Compensating Controls: If patching cannot be performed immediately, restrict network access to the ConnectWise PSA interface to only trusted IP addresses using a firewall or Web Application Firewall (WAF). Ensure that the administrative interface is not exposed directly to the public internet. While not a direct mitigation for an authentication bypass, enforcing multi-factor authentication (MFA) across the organization remains a critical security best practice.

Public Exploit Available: false

This vulnerability presents a significant and immediate risk to the organization. An unauthenticated attacker can achieve a full system compromise with relatively low complexity. Although CVE-2026-0695 is not currently listed on the CISA KEV catalog, its high severity score demands urgent attention. We strongly recommend that the vendor-supplied security updates be applied to all vulnerable systems as an emergency change to prevent potential exploitation.