CVE-2026-0695

← CVEs

HIGH 8.7

Published

2026-01-16

Last Modified

2026-01-27

Affected Apps

Affected Devices

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected content is displayed.

Affected Applications in Environment 2

ScreenConnect v26.1.18.9566

4 devices

ScreenConnect v24.3.7.9067

1 device

Affected Devices 5

DPAPSB-PW0KMWGT Windows DPEFSN-29F0DS2 Windows DPELED-HS6NM44 Windows DPEXYP-9LRP2R2 Windows DPHSNG-9NX3K74 Windows

References 2

https://www.connectwise.com/company/trust/security-bulletins/2026-01-15-psa-security-fix
https://www.themissinglink.com.au/security-advisories/cve-2026-0695