CVE-2026-0695 - Vulnerability Details - OpenCVE

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected content is displayed.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

Cloud Cloud instances are automatically being updated to the latest ConnectWise PSA release. On-premise Apply the 2026.1 release patches and ensure all desktop clients are up to date.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.connectwise.com/company/trust/security-bulletins/2026-01-15-psa-security-fix

History

Fri, 16 Jan 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 16 Jan 2026 14:00:00 +0000

Type	Values Removed	Values Added
Description		In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected content is displayed.
Title		Stored XSS in Time Entry Audit Trail
Weaknesses		CWE-79
References		https://www.connectwise.com/company/trust/security-bulletins/2026-01-15-psa-security-fix
Metrics		cvssV3_1 `{'score': 8.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: ConnectWise

Published: 2026-01-16T13:34:42.833Z

Updated: 2026-01-16T14:07:48.888Z

Reserved: 2026-01-07T21:31:57.230Z

Link: CVE-2026-0695

Vulnrichment

Updated: 2026-01-16T14:07:43.518Z

NVD

Status : Awaiting Analysis

Published: 2026-01-16T14:15:54.793

Modified: 2026-01-16T15:55:12.257

Link: CVE-2026-0695

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0695", "assignerOrgId": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49", "state": "PUBLISHED", "assignerShortName": "ConnectWise", "dateReserved": "2026-01-07T21:31:57.230Z", "datePublished": "2026-01-16T13:34:42.833Z", "dateUpdated": "2026-01-16T14:07:48.888Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["PSA Web Application and PSA Desktop Client"], "product": "PSA", "vendor": "ConnectWise", "versions": [{"status": "affected", "version": "All versions prior to 2026.1"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Petar Sever (The Missing Link)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user\u2019s browser when the affected content is displayed."}], "value": "In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user\u2019s browser when the affected content is displayed."}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49", "shortName": "ConnectWise", "dateUpdated": "2026-01-16T13:34:42.833Z"}, "references": [{"url": "https://www.connectwise.com/company/trust/security-bulletins/2026-01-15-psa-security-fix"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<b>Cloud</b><br>Cloud instances are automatically being updated to the latest ConnectWise PSA release.<br><br><b>On-premise</b><br>Apply the 2026.1 release patches and ensure all desktop clients are up to date.<br>\n\n<br>"}], "value": "Cloud\nCloud instances are automatically being updated to the latest ConnectWise PSA release.\n\nOn-premise\nApply the 2026.1 release patches and ensure all desktop clients are up to date."}], "source": {"discovery": "UNKNOWN"}, "title": "Stored XSS in Time Entry Audit Trail", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-16T14:07:34.050146Z", "id": "CVE-2026-0695", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-16T14:07:48.888Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0695", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-16T14:07:34.050146Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-16T14:07:43.518Z"}}], "cna": {"title": "Stored XSS in Time Entry Audit Trail", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Petar Sever (The Missing Link)"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ConnectWise", "modules": ["PSA Web Application and PSA Desktop Client"], "product": "PSA", "versions": [{"status": "affected", "version": "All versions prior to 2026.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Cloud\nCloud instances are automatically being updated to the latest ConnectWise PSA release.\n\nOn-premise\nApply the 2026.1 release patches and ensure all desktop clients are up to date.", "supportingMedia": [{"type": "text/html", "value": "<b>Cloud</b><br>Cloud instances are automatically being updated to the latest ConnectWise PSA release.<br><br><b>On-premise</b><br>Apply the 2026.1 release patches and ensure all desktop clients are up to date.<br>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.connectwise.com/company/trust/security-bulletins/2026-01-15-psa-security-fix"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user\u2019s browser when the affected content is displayed.", "supportingMedia": [{"type": "text/html", "value": "In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user\u2019s browser when the affected content is displayed.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49", "shortName": "ConnectWise", "dateUpdated": "2026-01-16T13:34:42.833Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0695", "state": "PUBLISHED", "dateUpdated": "2026-01-16T14:07:48.888Z", "dateReserved": "2026-01-07T21:31:57.230Z", "assignerOrgId": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49", "datePublished": "2026-01-16T13:34:42.833Z", "assignerShortName": "ConnectWise"}, "dataVersion": "5.2"}