CVE-2026-3564 (GCVE-0-2026-3564)

Vulnerability from cvelistv5 – Published: 2026-03-17 14:48 – Updated: 2026-07-09 17:20
VLAI
Title
ScreenConnect Instance Level Cryptographic Material Exposure
Summary
A condition in the ScreenConnect server component may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConnect host and guest client agents are not independently affected by this CVE.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
Impacted products
Vendor Product Version
ConnectWise ScreenConnect Affected: All server versions prior to 26.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3564",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-17T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-18T03:55:41.186Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Server component",
            "Server authentication cryptographic material handling"
          ],
          "product": "ScreenConnect",
          "vendor": "ConnectWise",
          "versions": [
            {
              "status": "affected",
              "version": "All server versions prior to 26.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eA condition in the ScreenConnect server component may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConnect host and guest client agents are not independently affected by this CVE.\u003c/p\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003c/div\u003e"
            }
          ],
          "value": "A condition in the ScreenConnect server component may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConnect host and guest client agents are not independently affected by this CVE."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347 Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-09T17:20:18.051Z",
        "orgId": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49",
        "shortName": "ConnectWise"
      },
      "references": [
        {
          "url": "https://www.connectwise.com/company/trust/security-bulletins/2026-03-17-screenconnect-bulletin"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cb\u003eCloud:\u0026nbsp;\u003c/b\u003eNo action is required. ScreenConnect servers hosted in\n\u201cscreenconnect.com\u201d cloud (standalone and Automate/RMM integrated) or\n\u201chostedrmm.com\u201d for Automate partners have been updated to remediate the\nissue.\u202f\u0026nbsp;\u003c/p\u003e\n\n\u003cp\u003e\u003cb\u003eOn-premise\u003c/b\u003e\u0026nbsp;\u003cb\u003eScreenConnect\u003c/b\u003e \u003cb\u003ePartners:\u003c/b\u003e\u003c/p\u003e\n\n\n\n\u003cp\u003ePlease upgrade to ScreenConnect Server version 26.1. Visit \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.screenconnect.com/download\"\u003eDownload\n| ScreenConnect\u003c/a\u003e page to download and apply the update \u003ci\u003e(access\nrequires a valid on-premises license)\u003c/i\u003e.\u0026nbsp;\u003c/p\u003e\n\n\n\n\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIf your license is out of maintenance, you must \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.connectwise.com/ScreenConnect_Documentation/On-premises/On-premises_licensing/Renew_or_upgrade_an_on-premises_license\"\u003eupgrade your license\u003c/a\u003e\u0026nbsp;before installing\nthe latest supported release of ScreenConnect. \u003c/li\u003e\u003cli\u003eFor\ninstructions on updating to the newest release, please reference this\ndoc: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.connectwise.com/ConnectWise_ScreenConnect_Documentation/On-premises/Get_started_with_ConnectWise_ScreenConnect_On-Premise/Upgrade_an_on-premises_installation\"\u003eUpgrade an on-premise\ninstallation - ConnectWise\u003c/a\u003e\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n\n\n\n\n\n\n\u003cp\u003e\u003cb\u003eAutomate On-Prem Partners with ScreenConnect\nIntegration\u003c/b\u003e:\u003c/p\u003e\n\n\u003cp\u003eFor partners using an on-premises ScreenConnect\ninstallation integrated with Automate, ScreenConnect 26.1 is available through\nthe \u003ca href=\"https://docs.connectwise.com/ConnectWise_Automate_Documentation/Automate_Product_Updates\"\u003eAutomate Product Updates\u003c/a\u003e page.\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\n\n\u003cp\u003eLink to release\nnotes: \u003ca href=\"https://screenconnect.product.connectwise.com/communities/26/topics/5088-screenconnect-261\"\u003eScreenConnect 26.1 / ScreenConnect\u003c/a\u003e\u003c/p\u003e"
            }
          ],
          "value": "Cloud:\u00a0No action is required. ScreenConnect servers hosted in\n\u201cscreenconnect.com\u201d cloud (standalone and Automate/RMM integrated) or\n\u201chostedrmm.com\u201d for Automate partners have been updated to remediate the\nissue.\u202f\u00a0\n\n\n\n\n\nOn-premise\u00a0ScreenConnect Partners:\n\n\n\n\n\n\n\nPlease upgrade to ScreenConnect Server version 26.1. Visit Download\n| ScreenConnect page to download and apply the update (access\nrequires a valid on-premises license).\u00a0\n\n\n\n\n\n\n\n\n\n  *  If your license is out of maintenance, you must  upgrade your license https://docs.connectwise.com/ScreenConnect_Documentation/On-premises/On-premises_licensing/Renew_or_upgrade_an_on-premises_license \u00a0before installing\nthe latest supported release of ScreenConnect. \n  *  For\ninstructions on updating to the newest release, please reference this\ndoc: Upgrade an on-premise\ninstallation - ConnectWise\u00a0\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nAutomate On-Prem Partners with ScreenConnect\nIntegration:\n\n\n\n\n\nFor partners using an on-premises ScreenConnect\ninstallation integrated with Automate, ScreenConnect 26.1 is available through\nthe  Automate Product Updates https://docs.connectwise.com/ConnectWise_Automate_Documentation/Automate_Product_Updates  page.\n\n\n\n\n\n\n\n\n\n\nLink to release\nnotes:  ScreenConnect 26.1 / ScreenConnect https://screenconnect.product.connectwise.com/communities/26/topics/5088-screenconnect-261"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ScreenConnect Instance Level Cryptographic Material Exposure",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49",
    "assignerShortName": "ConnectWise",
    "cveId": "CVE-2026-3564",
    "datePublished": "2026-03-17T14:48:59.940Z",
    "dateReserved": "2026-03-04T20:04:12.757Z",
    "dateUpdated": "2026-07-09T17:20:18.051Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-3564",
      "date": "2026-07-14",
      "epss": "0.00362",
      "percentile": "0.28349"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-3564\",\"sourceIdentifier\":\"7d616e1a-3288-43b1-a0dd-0a65d3e70a49\",\"published\":\"2026-03-17T15:16:19.253\",\"lastModified\":\"2026-07-09T18:16:51.930\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A condition in the ScreenConnect server component may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConnect host and guest client agents are not independently affected by this CVE.\"},{\"lang\":\"es\",\"value\":\"Una condici\u00f3n en ScreenConnect podr\u00eda permitir a un actor con acceso a material criptogr\u00e1fico a nivel de servidor utilizado para la autenticaci\u00f3n obtener acceso no autorizado, incluyendo privilegios elevados, en ciertos escenarios.\"}],\"affected\":[{\"source\":\"7d616e1a-3288-43b1-a0dd-0a65d3e70a49\",\"affectedData\":[{\"vendor\":\"ConnectWise\",\"product\":\"ScreenConnect\",\"defaultStatus\":\"unaffected\",\"modules\":[\"Server component\",\"Server authentication cryptographic material handling\"],\"versions\":[{\"version\":\"All server versions prior to 26.1\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"7d616e1a-3288-43b1-a0dd-0a65d3e70a49\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":6.0}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-03-17T00:00:00+00:00\",\"id\":\"CVE-2026-3564\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"7d616e1a-3288-43b1-a0dd-0a65d3e70a49\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-347\"}]}],\"references\":[{\"url\":\"https://www.connectwise.com/company/trust/security-bulletins/2026-03-17-screenconnect-bulletin\",\"source\":\"7d616e1a-3288-43b1-a0dd-0a65d3e70a49\"}]}}",
    "redhat_vex": {
      "current_release_date": "2026-03-27T07:36:25+00:00",
      "cve": "CVE-2026-3564",
      "id": "CVE-2026-3564",
      "initial_release_date": "2026-01-01T00:00:00+00:00",
      "product_status:known_not_affected": "1",
      "source": "Red Hat CSAF VEX",
      "status": "final",
      "title": "ScreenConnect Instance Level Cryptographic Material Exposure",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3564.json",
      "version": "3"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-3564\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-17T15:24:40.438030Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-17T15:24:45.359Z\"}}], \"cna\": {\"title\": \"ScreenConnect Instance Level Cryptographic Material Exposure\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ConnectWise\", \"modules\": [\"Server component\", \"Server authentication cryptographic material handling\"], \"product\": \"ScreenConnect\", \"versions\": [{\"status\": \"affected\", \"version\": \"All server versions prior to 26.1\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Cloud:\\u00a0No action is required. ScreenConnect servers hosted in\\n\\u201cscreenconnect.com\\u201d cloud (standalone and Automate/RMM integrated) or\\n\\u201chostedrmm.com\\u201d for Automate partners have been updated to remediate the\\nissue.\\u202f\\u00a0\\n\\n\\n\\n\\n\\nOn-premise\\u00a0ScreenConnect Partners:\\n\\n\\n\\n\\n\\n\\n\\nPlease upgrade to ScreenConnect Server version 26.1. Visit Download\\n| ScreenConnect page to download and apply the update (access\\nrequires a valid on-premises license).\\u00a0\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n  *  If your license is out of maintenance, you must  upgrade your license https://docs.connectwise.com/ScreenConnect_Documentation/On-premises/On-premises_licensing/Renew_or_upgrade_an_on-premises_license \\u00a0before installing\\nthe latest supported release of ScreenConnect. \\n  *  For\\ninstructions on updating to the newest release, please reference this\\ndoc: Upgrade an on-premise\\ninstallation - ConnectWise\\u00a0\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\nAutomate On-Prem Partners with ScreenConnect\\nIntegration:\\n\\n\\n\\n\\n\\nFor partners using an on-premises ScreenConnect\\ninstallation integrated with Automate, ScreenConnect 26.1 is available through\\nthe  Automate Product Updates https://docs.connectwise.com/ConnectWise_Automate_Documentation/Automate_Product_Updates  page.\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\nLink to release\\nnotes:  ScreenConnect 26.1 / ScreenConnect https://screenconnect.product.connectwise.com/communities/26/topics/5088-screenconnect-261\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\\n\\n\u003cp\u003e\u003cb\u003eCloud:\u0026nbsp;\u003c/b\u003eNo action is required. ScreenConnect servers hosted in\\n\\u201cscreenconnect.com\\u201d cloud (standalone and Automate/RMM integrated) or\\n\\u201chostedrmm.com\\u201d for Automate partners have been updated to remediate the\\nissue.\\u202f\u0026nbsp;\u003c/p\u003e\\n\\n\u003cp\u003e\u003cb\u003eOn-premise\u003c/b\u003e\u0026nbsp;\u003cb\u003eScreenConnect\u003c/b\u003e \u003cb\u003ePartners:\u003c/b\u003e\u003c/p\u003e\\n\\n\\n\\n\u003cp\u003ePlease upgrade to ScreenConnect Server version 26.1. Visit \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.screenconnect.com/download\\\"\u003eDownload\\n| ScreenConnect\u003c/a\u003e page to download and apply the update \u003ci\u003e(access\\nrequires a valid on-premises license)\u003c/i\u003e.\u0026nbsp;\u003c/p\u003e\\n\\n\\n\\n\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIf your license is out of maintenance, you must \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://docs.connectwise.com/ScreenConnect_Documentation/On-premises/On-premises_licensing/Renew_or_upgrade_an_on-premises_license\\\"\u003eupgrade your license\u003c/a\u003e\u0026nbsp;before installing\\nthe latest supported release of ScreenConnect. \u003c/li\u003e\u003cli\u003eFor\\ninstructions on updating to the newest release, please reference this\\ndoc: \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://docs.connectwise.com/ConnectWise_ScreenConnect_Documentation/On-premises/Get_started_with_ConnectWise_ScreenConnect_On-Premise/Upgrade_an_on-premises_installation\\\"\u003eUpgrade an on-premise\\ninstallation - ConnectWise\u003c/a\u003e\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\\n\\n\\n\\n\\n\\n\\n\\n\u003cp\u003e\u003cb\u003eAutomate On-Prem Partners with ScreenConnect\\nIntegration\u003c/b\u003e:\u003c/p\u003e\\n\\n\u003cp\u003eFor partners using an on-premises ScreenConnect\\ninstallation integrated with Automate, ScreenConnect 26.1 is available through\\nthe \u003ca href=\\\"https://docs.connectwise.com/ConnectWise_Automate_Documentation/Automate_Product_Updates\\\"\u003eAutomate Product Updates\u003c/a\u003e page.\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\\n\\n\u003cp\u003eLink to release\\nnotes: \u003ca href=\\\"https://screenconnect.product.connectwise.com/communities/26/topics/5088-screenconnect-261\\\"\u003eScreenConnect 26.1 / ScreenConnect\u003c/a\u003e\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.connectwise.com/company/trust/security-bulletins/2026-03-17-screenconnect-bulletin\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A condition in the ScreenConnect server component may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConnect host and guest client agents are not independently affected by this CVE.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eA condition in the ScreenConnect server component may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConnect host and guest client agents are not independently affected by this CVE.\u003c/p\u003e\\n\\n\u003c/div\u003e\\n\\n\u003c/div\u003e\\n\\n\u003c/div\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-347\", \"description\": \"CWE-347 Improper Verification of Cryptographic Signature\"}]}], \"providerMetadata\": {\"orgId\": \"7d616e1a-3288-43b1-a0dd-0a65d3e70a49\", \"shortName\": \"ConnectWise\", \"dateUpdated\": \"2026-07-09T17:20:18.051Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-3564\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-09T17:20:18.051Z\", \"dateReserved\": \"2026-03-04T20:04:12.757Z\", \"assignerOrgId\": \"7d616e1a-3288-43b1-a0dd-0a65d3e70a49\", \"datePublished\": \"2026-03-17T14:48:59.940Z\", \"assignerShortName\": \"ConnectWise\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…