Security Advisory

CVE-2026-0696

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-16 13:34:49

Last updated 2026-01-27 12:14:05

Assigner ConnectWise

State PUBLISHED

Description

In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values.

← Browse all CVEs View on cve.org ↗