Security bulletins

ConnectWise uses various methods to communicate security vulnerability information to customers. A Security Bulletin is used when publicly disclosing security vulnerabilities discovered in ConnectWise offerings.

Alternative tools and processes are used, where appropriate, when targeted or discrete communication with entitled customers is required. To protect our customers, ConnectWise does not publicly disclose or confirm security vulnerabilities until ConnectWise has conducted an analysis of the product and has issued fixes and/or mitigations.

Security Bulletins notify customers about one or more vulnerabilities. These bulletins provide guidance to assist customers in assessing the impact of any actual or potential security vulnerability in the context of their environment.


We have created an RSS feed for these security bulletins. As bulletins get posted to this page, the RSS feed will be updated. Paste this link into your RSS feed reader to get updates. New to setting up RSS, or need help with RSS feeds? Here are some helpful articles to get you started:
What are RSS feeds? | How to Set Up an RSS Feed in Microsoft Outlook 2019 | Chrome Extensions: RSS Readers

Filter By:
ConnectWise Automate 2024.3 security fix
ConnectWise Automate server version 2024.2 and earlier versions have been identified as vulnerable to blind SQL injection (time-based) within the API
ConnectWise ScreenConnect 23.9.8 security fix
We've received notifications of suspicious activity that our incident response team has investigated.
ConnectWise ScreenConnect 23.8 Security Fix
ConnectWise ScreenConnect, ConnectWise Automate (cloud instances only where ScreenConnect is installed)
ConnectWise PSA 2022.2 Security Fix
ConnectWise PSA™ versions 2022.2 and earlier are impacted.
ConnectWise Automate 2023.5 Security Fix
ConnectWise Automate versions 2023.4 and earlier are impacted.
ConnectWise Automate 2023.1 Security Fix
ConnectWise Automate versions 2022.12 and earlier are impacted.
ConnectWise Automate 2022.11 Security Fix
ConnectWise Automate versions 2022.10 and earlier are impacted.
ConnectWise BCDR and R1Soft Server Backup Manager Critical Security Release
ConnectWise BCDR (formerly Recover): Recover v2.9.7 and earlier versions are impacted. R1Soft: SBM v6.16.3 and earlier versions are impacted.