Bleeping Computer reports that ConnectWise has issued a critical security warning to its ScreenConnect customers regarding a cryptographic signature verification vulnerability, identified as CVE-2026-3564. This flaw, affecting versions prior to 26.1, could allow attackers to gain unauthorized access and escalate privileges within the remote access platform.

The vulnerability enables attackers to extract and misuse ASP.NET machine keys, facilitating unauthorized session authentication. ConnectWise stated that if these keys are disclosed, threat actors could manipulate protected values, leading to unauthorized access and actions. While cloud-hosted instances have been automatically updated, administrators of on-premises ScreenConnect deployments must upgrade to version 26.1 promptly.

ConnectWise has implemented stronger protection for machine keys, including encrypted storage, in the updated version. Although ConnectWise has no evidence of active exploitation in the wild for this specific vulnerability, there are claims of past exploitation by Chinese hackers and previous nation-state attacks exploiting similar flaws.

Source: Bleeping Computer
Vulnerability Management, Patch/Configuration Management
ConnectWise warns of critical ScreenConnect vulnerability




