ConnectWise has issued an advisory for a critical vulnerability in ScreenConnect, tracked as CVE-2026-3564. This flaw involves a cryptographic signature verification issue that could allow attackers to extract ASP.NET machine keys, leading to unauthorized session authentication and privilege escalation. The vulnerability affects all versions prior to 26.1 and poses a significant risk to on-premise deployments.
While ConnectWise has automatically patched cloud-hosted instances, on-premise administrators are urged to upgrade to version 26.1 immediately. Although the vendor states there is no confirmed evidence of active exploitation, some security researchers suggest the flaw may have been leveraged in past campaigns. Beyond upgrading, users are advised to secure configuration files and monitor logs for suspicious authentication activity.