High severity8.8NVD Advisory· Published May 21, 2026· Updated May 22, 2026
CVE-2026-9089
CVE-2026-9089
Description
The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <= 2026.4
Patches
Vulnerability mechanics
References
1News mentions
2- ⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and MoreThe Hacker News · Jun 1, 2026
- ConnectWise Automate Vulnerability Let Attackers Bypass Security ChecksCyber Security News · May 26, 2026