CVE-2026-3564

Received

Published: 17 Mar 2026, 14:48

Last modified:17 Mar 2026, 15:24

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9 CRITICAL

v3.1 (cve.org)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

17 Mar 2026, 14:48

Published

Vulnerability first disclosed

17 Mar 2026, 15:24

Last Modified

Vulnerability information updated

Description

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios.

CVSS Metrics

v3.1•CRITICAL•Score: 9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Techniques & Countermeasures

CWE-347•Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Affected Systems

connectwise•screenconnect
All versions prior to 26.1

References (1)

https://www.connectwise.com/company/trust/security-bulletins/2026-03-17-screenconnect-bulletin