CVE-2026-3564
Unauthorized Access via Cryptographic Material Exposure in ScreenConnect
Publication date: 2026-03-17
Last updated on: 2026-03-17
Assigner: ConnectWise
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| connectwise | screenconnect | to 26.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3564 is a critical security vulnerability in ConnectWise ScreenConnect versions prior to 26.1 caused by improper verification of cryptographic signatures (CWE-347). Earlier versions stored unique machine keys per instance within server configuration files without adequate protection. This flaw allows an unauthorized actor who gains access to these server-level cryptographic materials to extract them and misuse them for session authentication.
This misuse can lead to unauthorized access, including elevated privileges, compromising the confidentiality, integrity, and availability of the system.
ScreenConnect version 26.1 addresses this issue by introducing encrypted storage and improved management of machine keys, significantly reducing the risk of unauthorized access even if the server is compromised.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized access to the system with potentially elevated privileges.
An attacker exploiting this flaw could compromise the confidentiality, integrity, and availability of your system, leading to exposure or manipulation of sensitive data and disruption of services.
Because the attack vector is network-based and requires no privileges or user interaction, it poses a significant risk especially in on-premises deployments.
Immediate remediation by upgrading to ScreenConnect version 26.1 is recommended to mitigate these risks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
Immediate remediation is recommended to mitigate this vulnerability.
- For on-premises ScreenConnect deployments, upgrade to version 26.1 as soon as possible.
- If your license is out of maintenance, renew it before upgrading.
- Partners using ScreenConnect integrated with ConnectWise Automate can obtain version 26.1 through the Automate Product Updates page.
- For cloud deployments, no action is required.