CNNVD-202601-2717 Information

CNNVD ID

CNNVD-202601-2717

Related CVE

CVE-2026-0696

• CNNVD Published: 2026-01-16

Description (Chinese)

ConnectWise PSA是美国ConnectWise公司的一种专业的服务自动化软件。 ConnectWise PSA 2026.1之前版本存在安全漏洞，该漏洞源于某些会话cookie未设置HttpOnly属性，可能导致客户端脚本访问会话cookie值。

Description (English)

ConnectWise PSA is a professional service automation software for ConnectWise in the United States. There was a security loophole in the previous version of ConectWise PSA 2026.1, which resulted from the fact that some session cookies did not set HttpOnly attributes, which could lead to client script access to session cookies.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

ConnectWise

Published

2026-01-16

Last Modified

2026-02-24

References

https://www.connectwise.com/company/trust/security-bulletins/2026-01-15-psa-security-fix https://access.redhat.com/security/cve/cve-2026-0696

Patch

https://www.connectwise.com/software/psa