CVE-2026-6066

High

Published: 20 April 2026

Published

20 April 2026

Modified

23 April 2026

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

EPSS Score 0.0001 0.9th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-6066 is a high-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Connectwise Automate. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 0.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-8 (Transmission Confidentiality and Integrity) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Adversary-in-the-Middle (T1557). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-8 Transmission Confidentiality and Integrity good match

prevent

Requires cryptographic mechanisms to protect confidentiality and integrity of transmitted information, directly preventing interception of unencrypted Solution Center client-to-server traffic.

SI-2 Flaw Remediation good match

prevent

Ensures timely flaw remediation by applying the ConnectWise Automate 2026.4 update that enforces secure communications for vulnerable Solution Center connections.

CM-6 Configuration Settings partial match

prevent

Mandates configuration settings that enforce encryption for client-to-server communications, addressing the cleartext transmission flaw in ConnectWise Automate Solution Center.

MITRE ATT&CK Enterprise TechniquesAI

T1557 Adversary-in-the-Middle Credential Access

Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.

attack.mitre.org →

Why these techniques?

Cleartext client-to-server communications (CWE-319) directly enable adversary-in-the-middle interception and limited modification of Solution Center traffic.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center traffic in Automate deployments.…

The issue has been resolved in Automate 2026.4 by enforcing secure communication for affected Solution Center connections.

Deeper analysisAI

CVE-2026-6066 is a vulnerability in ConnectWise Automate that affects the Solution Center component, where certain client-to-server communications could occur without transport-layer encryption. This flaw, classified under CWE-319 (Cleartext Transmission of Sensitive Information), enables network-based interception of Solution Center traffic in affected Automate deployments prior to version 2026.4. The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N), indicating high confidentiality impact with low integrity impact and no availability impact.

An attacker with low privileges (PR:L) can exploit this over the network (AV:N) with low complexity (AC:L) and no user interaction required (UI:N). Successful exploitation allows interception of sensitive Solution Center traffic, potentially exposing confidential data, while enabling limited integrity modifications.

ConnectWise advisories recommend updating to Automate 2026.4, which resolves the issue by enforcing secure communication for affected Solution Center connections. Additional details are available in the ConnectWise security bulletin at https://www.connectwise.com/company/trust/security-bulletins/2026-04-20-connectwise-automate-bulletin.