Read the original article at https://www.connectwise.com/company/trust/security-bulletins/2026-01-15-psa-security-fix
In ConnectWise PSA versions prior to 2026.1, one condition in Time Entry note handling could permit stored script execution in both the PSA web client and PSA Desktop, and a separate condition could allow client-side access to certain session cookies.
Read the original article at https://www.connectwise.com/company/trust/security-bulletins/2026-01-15-psa-security-fix