Critical Vulnerability in ConnectWise ScreenConnect Allows Unauthorized Access

Critical Vulnerability in ConnectWise ScreenConnect Allows Unauthorized Access

First seen 18 Mar 2026, 14:57 UTC Digital.Nhs.UkCybersecuritynewsBleepingcomputerCrnGbhackers+2 87% similarity 74.6

Article Content

Browse articles
ThreatCluster

ConnectWise has released a patch for its ScreenConnect remote support tool to address a critical vulnerability, tracked as CVE-2026-3564, that could allow unauthorized access and privilege escalation. This flaw affects all versions prior to 26.1 and involves the extraction of server-level cryptographic material used for session authentication. Attackers could exploit this vulnerability to hijack sessions and perform unauthorized actions. The National Institute of Standards and Technology (NIST) has classified this vulnerability as critical, indicating a high risk of exploitation in the wild. ConnectWise has urged its customers, particularly managed service providers (MSPs), to upgrade to version 26.1 immediately. While there are claims of past exploitation by state-sponsored actors, ConnectWise currently has no evidence of active exploitation of this specific vulnerability. MSPs managing on-premises deployments must take prompt action to secure their systems. The vulnerability was publicly disclosed on March 17, 2026.

Key Points: • CVE-2026-3564 allows unauthorized access via cryptographic signature verification flaws. • ConnectWise ScreenConnect versions prior to 26.1 are affected and need immediate patching. • No confirmed active exploitation has been reported, but the risk remains high.

ThreatCluster AI

Timeline

2025-04-25
CVE-2025-3935 published
2026-03-17
CVE-2026-3564 published
2026-03-18
ConnectWise releases patch for ScreenConnect version 26.1
2026-03-18
ConnectWise warns of potential exploitation attempts in the wild

Community

Browse all →