ZeroPath at Black Hat USA 2026

Brief Summary: ConnectWise Automate Agent CVE-2026-9089 — Integrity Verification Bypass in Plugin Loading and Self Update

A short review of CVE-2026-9089, a high severity vulnerability in the ConnectWise Automate Agent where plugin loading and self update operations fail to fully verify component authenticity, potentially enabling code execution from an adjacent network position.

CVE Analysis

6 min read

ZeroPath CVE Analysis
ZeroPath CVE Analysis

2026-05-21

Brief Summary: ConnectWise Automate Agent CVE-2026-9089 — Integrity Verification Bypass in Plugin Loading and Self Update
Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

[email protected]

Introduction

Managed service providers relying on ConnectWise Automate to orchestrate thousands of endpoints now face a new integrity verification gap in the agent's plugin loading and self update mechanisms. CVE-2026-9089, disclosed on May 21, 2026, carries a CVSS score of 8.8 and could allow an adjacent network attacker to substitute malicious components without needing any privileges or user interaction.

ConnectWise Automate is a remote monitoring and management (RMM) platform designed for enterprise scale managed service providers managing thousands of endpoints across complex organizational structures. It offers deep scripting engines and automation capabilities, making it a cornerstone tool in the MSP ecosystem. Because the Automate agent operates with high privileges across vast endpoint fleets, any vulnerability in its update or loading pipeline carries a significant blast radius.

Technical Information

CVE-2026-9089 falls under CWE-494: Download of Code Without Integrity Check. The core issue is that the ConnectWise Automate Agent does not fully verify the authenticity of components obtained during two critical operations: plugin loading and self update. Under certain conditions, components obtained during these operations may be processed without full integrity verification prior to loading.

CVSS Vector Breakdown

The full CVSS 3.1 vector is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, which breaks down as follows:

MetricValueImplication
Attack VectorAdjacent (AV:A)Attacker must be on the local network or a shared physical/logical network segment
Attack ComplexityLow (AC:L)No special conditions or race conditions required
Privileges RequiredNone (PR:N)No authentication needed
User InteractionNone (UI:N)No victim action required
ScopeUnchanged (S:U)Impact is confined to the vulnerable component's security scope
ConfidentialityHigh (C:H)Full read access to the compromised endpoint
IntegrityHigh (I:H)Full write access, including code execution
AvailabilityHigh (A:H)Complete disruption of the endpoint is possible

Attack Flow

Based on the architectural behavior described in the public security bulletin, the exploitation path follows this general sequence:

  1. The attacker positions themselves on the same network segment as the target endpoint running the ConnectWise Automate Agent. This could be a shared LAN, VLAN, or other adjacent network topology.

  2. The Automate Agent initiates a plugin loading or self update operation. During this process, the agent retrieves components (plugins or update binaries) from a source.

  3. Because the agent does not fully verify the authenticity of these components, the attacker can intercept or substitute the legitimate components with malicious payloads. The adjacent network position enables techniques such as ARP spoofing or other local network manipulation to redirect or tamper with the component delivery.

  4. The agent loads the substituted malicious component without detecting the tampering, resulting in code execution with the privileges of the Automate Agent process.

  5. Given the high privilege level at which RMM agents typically operate, successful exploitation yields full compromise of the endpoint: complete access to data (confidentiality), the ability to modify system state (integrity), and the ability to disrupt operations (availability).

Limitations of Current Analysis

Public disclosures do not include specific proof of concept exploits, detailed indicators of compromise, or exact file paths affected by this vulnerability. Detailed remediation instructions and release notes are restricted behind a vendor single sign on portal. Our analysis is therefore limited to the architectural behavior described in the public security bulletin.

Affected Systems and Versions

All versions of ConnectWise Automate prior to version 2026.5 are affected. The fix is included in the Automate 2026.5 release.

Deployment TypeStatusAction Required
Cloud InstancesAlready updated to Automate 2026.5Verify version; no manual action needed
On Premises InstancesVulnerable if running any version prior to 2026.5Apply the 2026.5 release within 30 days of the bulletin

ConnectWise has assigned this vulnerability an "Important" severity rating with a "Priority 2 Moderate" status, indicating that while the risk is elevated, exploits are neither known nor anticipated to be imminent.

Defense in Depth Recommendations

While specific workarounds for CVE-2026-9089 are not detailed in the current bulletin, a similar past vulnerability in Automate (CVE-2025-11493) also involved a lack of integrity checks when downloading code. For that vulnerability, ConnectWise advised that partners running on premises servers should enforce HTTPS for all agent communications and ensure TLS 1.2 is enforced to maintain secure communications and mitigate interception attacks. Organizations should ensure these transport layer security measures remain active as a complementary defense.

Vendor Security History

ConnectWise has had to address multiple high severity issues across its product suite in recent months, with a recurring theme around cryptographic and integrity verification failures:

DateProductCVESummary
2025Automate 2025.9CVE-2025-11493Lack of integrity checks when downloading code, allowing potential interception attacks
March 17, 2026ScreenConnect 26.1CVE-2026-3564Issues related to how server level cryptographic material is protected
May 21, 2026Automate 2026.5CVE-2026-9089Agent does not fully verify the authenticity of components during plugin loading and self update

The recurrence of CWE-494 specifically in the Automate product line (both CVE-2025-11493 and CVE-2026-9089) suggests an architectural pattern in how the agent handles component retrieval and validation that has required multiple rounds of remediation. Organizations using ConnectWise products on premises should factor this history into their patch prioritization and consider whether additional network segmentation or monitoring around agent update traffic is warranted.

Current Threat Landscape

As of publication, there is no evidence of active exploitation. ConnectWise explicitly states that exploits are neither known nor anticipated to be imminent. CISA added seven new vulnerabilities to its Known Exploited Vulnerabilities Catalog on May 20, 2026, but CVE-2026-9089 is not among them. Current intelligence supports treating this as a high priority patch cycle rather than an active incident response scenario. Organizations should continue to monitor threat feeds for any changes to this assessment.

References

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization