Description
A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios.
Published: 2026-03-17
Score: 9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access and Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

A condition in ScreenConnect allows an actor who gains access to the server‑level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges. This vulnerability is tied to the improper handling or exposure of authentication keys; the vendor classifies the weakness as CWE‑347 (Improper Verification of Cryptographic Signature). The resulting impact can elevate an attacker’s capabilities from simple authentication bypass to full administrative control over the affected instance.

Affected Systems

The vulnerability affects ConnectWise ScreenConnect installations, including cloud‑hosted services (screenconnect.com and hostedrmm.com) and on‑premise deployments. Vendor guidance indicates that any on‑premise instance running a version older than 26.1 is vulnerable, as the fix is delivered in ScreenConnect 26.1. On‑premise integrations with Automate also require updating to 26.1 via the Automate Product Updates portal.

Risk and Exploitability

The CVSS score of 9 denotes critical severity. While the EPSS score is not available, the requirement of accessing server‑level cryptographic material suggests that exploitation is most likely possible only after an actor has compromised the host or obtained privileged credentials. The vulnerability is not currently listed in the CISA KEV catalog, but the high CVSS score, the possibility of internal or remote exploitation, and the potential for full system compromise warrant immediate remediation.

Generated by OpenCVE AI on March 17, 2026 at 16:45 UTC.

Remediation

Vendor Solution

Cloud: No action is required. ScreenConnect servers hosted in “screenconnect.com” cloud (standalone and Automate/RMM integrated) or “hostedrmm.com” for Automate partners have been updated to remediate the issue.

On-premise ScreenConnect Partners: Please upgrade to ScreenConnect version 26.1. Visit Download | ScreenConnect page to download and apply the update (access requires a valid on-premises license).

  • If your license is out of maintenance, you must upgrade your license (https://docs.connectwise.com/ScreenConnect_Documentation/On-premises/On-premises_licensing/Renew_or_upgrade_an_on-premises_license) before installing the latest supported release of ScreenConnect.
  • For instructions on updating to the newest release, please reference this doc: Upgrade an on-premise installation - ConnectWise

Automate On-Prem Partners with ScreenConnect Integration: For partners using an on-premises ScreenConnect installation integrated with Automate, ScreenConnect 26.1 is available through the Automate Product Updates page (https://docs.connectwise.com/ConnectWise_Automate_Documentation/Automate_Product_Updates).

Link to release notes: ScreenConnect 26.1 / ScreenConnect https://screenconnect.product.connectwise.com/communities/26/topics/5088-screenconnect-261


OpenCVE Recommended Actions

  • Update all on‑premise ScreenConnect installations to version 26.1 or later.
  • If the on‑premise license is out of maintenance, renew or upgrade the license before installing the latest release.
  • For on‑premise installations integrated with Automate, retrieve the 26.1 update from the Automate Product Updates portal.
  • If patching cannot be performed immediately, enforce strict access controls on server‑level cryptographic material and monitor logs for suspicious activity.


Advisories

No advisories yet.

History

Wed, 18 Mar 2026 12:15:00 +0000

Type | Values Removed | Values Added
First Time appeared |  | Connectwise, Connectwise screenconnect
Vendors & Products |  | Connectwise, Connectwise screenconnect

Tue, 17 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics |  | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 17 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description |  | A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios.
Title |  | ScreenConnect Instance Level Cryptographic Material Exposure
Weaknesses |  | CWE-347
References |  |
Metrics |  | cvssV3_1 {'score': 9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: ConnectWise

Published:

Updated: 2026-03-18T03:55:41.186Z

Reserved: 2026-03-04T20:04:12.757Z

Link: CVE-2026-3564

Vulnrichment

Updated: 2026-03-17T15:24:45.359Z

NVD

Status: Awaiting Analysis

Published: 2026-03-17T15:16:19.253

Modified: 2026-03-18T14:52:44.227

Link: CVE-2026-3564

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:49:16Z

Weaknesses