ConnectWise ScreenConnect closes critical access vulnerability
Network-based attackers can exploit a vulnerability in ConnectWise's ScreenConnect to gain unauthorized remote access.
A critical security vulnerability in ConnectWise's remote maintenance software ScreenConnect allows attackers unauthorized access. Unauthorized actors can read information and misuse it to gain access.
ConnectWise warns about the vulnerability in a security notice. ScreenConnect stores the per-instance machine keys in the server configuration files. Under unspecified circumstances, unauthorized attackers can read these keys and misuse them to authenticate sessions, the developers explain (CVE-2026-3564, CVSS 9.0, risk “critical”). In contrast to the CVSS rating, ConnectWise assesses the vulnerability as “important” and assigns it priority level “1” (“High”). According to the notice, ConnectWise classifies as “important” only those vulnerabilities that can compromise confidential data or other resources but require additional access or rights.
All older versions of ScreenConnect are apparently affected by the vulnerability. Accordingly, only ScreenConnect version 26.1 brings improved protections for handling machine keys. The developers emphasize that these include encrypted storage and management, which reduces the risk of unauthorized access if the integrity of the server is compromised. Apparently, the keys were not previously stored in encrypted form.
ScreenConnect: Updated Version
The current version of ScreenConnect is available for download on the ConnectWise download page. Partners using integration via Automate will receive the update via the Automate product update website.
The previous critical security vulnerability in the remote maintenance software ScreenConnect was discovered in mid-December of last year. Logged-in attackers could use it to inject and execute malicious code.
(dmk)