CVE-2026-3564
Received Received - Intake
Unauthorized Access via Cryptographic Material Exposure in ScreenConnect

Publication date: 2026-03-17

Last updated on: 2026-03-17

Assigner: ConnectWise

Description
A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-17
Last Modified
2026-03-17
Generated
2026-06-16
AI Q&A
2026-03-17
EPSS Evaluated
2026-06-15
NVD
CVE-2026-3564
EUVD
EUVD-2026-12574
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
connectwise screenconnect to 26.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-347 The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-3564 is a critical security vulnerability in ConnectWise ScreenConnect versions prior to 26.1 caused by improper verification of cryptographic signatures (CWE-347). Earlier versions stored unique machine keys per instance within server configuration files without adequate protection. This flaw allows an unauthorized actor who gains access to these server-level cryptographic materials to extract them and misuse them for session authentication.

This misuse can lead to unauthorized access, including elevated privileges, compromising the confidentiality, integrity, and availability of the system.

ScreenConnect version 26.1 addresses this issue by introducing encrypted storage and improved management of machine keys, significantly reducing the risk of unauthorized access even if the server is compromised.

Impact Analysis

This vulnerability can have severe impacts including unauthorized access to the system with potentially elevated privileges.

An attacker exploiting this flaw could compromise the confidentiality, integrity, and availability of your system, leading to exposure or manipulation of sensitive data and disruption of services.

Because the attack vector is network-based and requires no privileges or user interaction, it poses a significant risk especially in on-premises deployments.

Immediate remediation by upgrading to ScreenConnect version 26.1 is recommended to mitigate these risks.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

Immediate remediation is recommended to mitigate this vulnerability.

  • For on-premises ScreenConnect deployments, upgrade to version 26.1 as soon as possible.
  • If your license is out of maintenance, renew it before upgrading.
  • Partners using ScreenConnect integrated with ConnectWise Automate can obtain version 26.1 through the Automate Product Updates page.
  • For cloud deployments, no action is required.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3564. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart