Get Support

Request a Quote

Platform

IT Service & Endpoint Management

Cybersecurity & Data Protection

Platform Benefits

Free TrialsProduct RoadmapCase Studies

ConnectWise has acquired zofiQ, a leading agentic AI company – see the announcement!
Solutions

By Organization

By Need

By Product Category

Free TrialsProduct RoadmapCase Studies

The first and only true MSP platform
Resources

Training & Resources

Events & Communities

Product SupportResource LibraryPartner Program

Let’s meet up at the industry’s largest MSP event!
About Us

About Us

News & Press

See why ConnectWise is the leading partner for IT businesses
ConnectWise
;

ConnectWise Automate™ 2026.4 Security Fix

Date: 04-20-2026
Product(s): ConnectWise Automate
Severity: Moderate
Priority: 2 - Moderate

Summary

ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center traffic in Automate deployments. The issue has been resolved in Automate 2026.4 by enforcing secure communication for affected Solution Center connections.

Vulnerability

CVE-2026-6066

CWE ID Description Base Score Vector
CWE-319 Cleartext Transmission of Sensitive Information 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Severity

Moderate—Vulnerabilities where impact is limited to a significant degree by mitigating factors such as version / configuration, detective controls, or are otherwise difficult to exploit

Priority 

2 Moderate—Vulnerabilities that have elevated risk but exploits are neither known nor anticipated to be imminent. Recommend updates be prioritized against normal change management timelines but no longer than 30 days.

Affected versions

Automate version prior to 2026.4 are impacted.

Remediation

Cloud

No action is required.

On-premise
Apply the 2026.4 release.

For information regarding the newest release, please reference this doc: Automate Release Notes Version 2026 - ConnectWise

After applying the update, on-premises customers must ensure the following configurations are in place:

  • An SSL certificate is bound to the Solution Center on port 8484 to establish secure communication. Refer to the ConnectWise documentation for configuration steps: Solution Center Client and Service HTTPS Update - ConnectWise
  • In some environments, antivirus or endpoint protection products may interfere with the Automate patch installer or service behavior during upgrades. If issues are encountered during installation or startup, refer to the ConnectWise documentation for recommended antivirus exclusions: Automate Antivirus Exclusions for Windows.
  • Ensure that the LTShare has a minimum of 1 GB of free disk space prior to installation.

If you experience issues completing the update or required configuration steps, please contact ConnectWise Support for assistance.