What is GHSA-whv3-47vh-qhwp?

GHSA-whv3-47vh-qhwp is a security advisory published by GitHub Security Advisories with High severity. The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained...

Which CVE IDs does GHSA-whv3-47vh-qhwp cover?

GHSA-whv3-47vh-qhwp covers the following CVE IDs: CVE-2026-9089. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-whv3-47vh-qhwp?

GHSA-whv3-47vh-qhwp has a CVSS v3 base score of 8.8, published by GitHub Security Advisories.

GHSA-whv3-47vh-qhwpHighCVSS 8.8

The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained...

Vendor

GitHub Security Advisories

Published

May 21, 2026

Last Modified

May 21, 2026

🔗 CVE IDs covered (1)

CVE-2026-9089 →

📋 Description

The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-9089
https://www.connectwise.com/company/trust/security-bulletins/2026-05-21-connectwise-automate-bulletin
https://github.com/advisories/GHSA-whv3-47vh-qhwp