ScreenConnect Instance Level Cryptographic Material Exposure
Summary
| CVE | CVE-2026-3564 |
|---|---|
| State | PUBLISHED |
| Assigner | ConnectWise |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-03-17 15:16:19 UTC |
| Updated | 2026-07-09 18:16:51 UTC |
| Description | A condition in the ScreenConnect server component may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConnect host and guest client agents are not independently affected by this CVE. |
Risk And Classification
Primary CVSS: v3.1 9 CRITICAL from 7d616e1a-3288-43b1-a0dd-0a65d3e70a49
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.003620000 probability, percentile 0.283410000 (date 2026-07-13)
Problem Types: CWE-347 | CWE-347 CWE-347 Improper Verification of Cryptographic Signature
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | 7d616e1a-3288-43b1-a0dd-0a65d3e70a49 | Secondary | 9 | CRITICAL | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
| 3.1 | CNA | CVSS | 9 | CRITICAL | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
CVSS v3.1 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | ConnectWise | ScreenConnect | affected All server versions prior to 26.1 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.connectwise.com/company/trust/security-bulletins/2026-03-17-screenconnect-bul... | 7d616e1a-3288-43b1-a0dd-0a65d3e70a49 | www.connectwise.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Additional Advisory Data
Solutions
CNA: Cloud: No action is required. ScreenConnect servers hosted in “screenconnect.com” cloud (standalone and Automate/RMM integrated) or “hostedrmm.com” for Automate partners have been updated to remediate the issue. On-premise ScreenConnect Partners: Please upgrade to ScreenConnect Server version 26.1. Visit Download | ScreenConnect page to download and apply the update (access requires a valid on-premises license). * If your license is out of maintenance, you must upgrade your license https://docs.connectwise.com/ScreenConnect_Documentation/On-premises/On-premises_licensing/Renew_or_upgrade_an_on-premises_license before installing the latest supported release of ScreenConnect. * For instructions on updating to the newest release, please reference this doc: Upgrade an on-premise installation - ConnectWise Automate On-Prem Partners with ScreenConnect Integration: For partners using an on-premises ScreenConnect installation integrated with Automate, ScreenConnect 26.1 is available through the Automate Product Updates https://docs.connectwise.com/ConnectWise_Automate_Documentation/Automate_Product_Updates page. Link to release notes: ScreenConnect 26.1 / ScreenConnect https://screenconnect.product.connectwise.com/communities/26/topics/5088-screenconnect-261