CVE-2026-0696

EPSS 0.35%
Veröffentlicht 16.01.2026 13:34:49
Zuletzt bearbeitet 27.01.2026 13:15:54
Quelle 7d616e1a-3288-43b1-a0dd-0a65d3
CVE-Watchlists
Login
Unerledigt
Login

Session Cookies Missing HttpOnly Attribute

In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Connectwise ≫ Professional Service Automation Version < 2026.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.35%	0.268

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
7d616e1a-3288-43b1-a0dd-0a65d3e70a49	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-1004 Sensitive Cookie Without 'HttpOnly' Flag

The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.

https://www.connectwise.com/company/trust/security-bulletins/2026-01-15-psa-security-fix

Vendor Advisory

https://www.themissinglink.com.au/security-advisories/cve-2026-0696

https://nvd.nist.gov/vuln/detail/CVE-2026-0696

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-0696

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-0696

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-0696