Threat Intel

v0.1

← CVEs

CVE-2026-0696

MED 6.5
Published
2026-01-16
Last Modified
2026-01-27
Affected Apps
2
Affected Devices
5
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values.
Affected Applications in Environment 2
ScreenConnect v26.1.18.9566
4 devices
ScreenConnect v24.3.7.9067
1 device
Affected Devices 5
DPAPSB-PW0KMWGT Windows DPEFSN-29F0DS2 Windows DPELED-HS6NM44 Windows DPEXYP-9LRP2R2 Windows DPHSNG-9NX3K74 Windows
References 2