Critical Vulnerabilities in ConnectWise ScreenConnect Exploited in Active Attacks

Critical Vulnerabilities in ConnectWise ScreenConnect Exploited in Active Attacks

First seen 29 Apr 2026, 13:31 UTC Gbhackerswww.huntress.comnvd.nist.govCybersecuritynewsScworld+1 85% similarity 72.9

Article Content

Browse articles
ThreatCluster

ConnectWise ScreenConnect has been compromised by two critical vulnerabilities, CVE-2024-1708 and CVE-2024-1709, which allow attackers to bypass authentication and execute remote code. The vulnerabilities were disclosed on February 19, 2024, with CVE-2024-1709 rated critical (CVSS 10.0) for authentication bypass, and CVE-2024-1708 rated high (CVSS 8.4) for path traversal. Attackers can exploit these vulnerabilities to gain unauthorized access and execute malicious code on affected systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-1708 to its Known Exploited Vulnerabilities (KEV) catalog on April 28, 2026, confirming active exploitation in the wild. Organizations using versions 23.9.7 and earlier must urgently update to version 23.9.8 to mitigate these threats. The vulnerabilities have been linked to ongoing ransomware campaigns, emphasizing the need for immediate action.

Key Points: • CVE-2024-1708 and CVE-2024-1709 are critical vulnerabilities in ConnectWise ScreenConnect. • CISA confirmed active exploitation of CVE-2024-1708 on April 28, 2026. • Organizations must update to ScreenConnect version 23.9.8 to mitigate these vulnerabilities.

ThreatCluster AI

Timeline

2024-02-19
CVE-2024-1708 and CVE-2024-1709 disclosed by ConnectWise
2024-02-21
First public proof-of-concept for CVE-2024-1709 released
2024-02-22
CVE-2024-1709 added to CISA KEV catalog
2026-02-10
CVE-2026-21510 published
2026-04-14
CVE-2026-32202 published
2026-04-28
CVE-2024-1708 added to CISA KEV catalog due to active exploitation
2026-04-30
Huntress publishes detailed analysis of vulnerabilities

Community

Browse all →