
ConnectWise ScreenConnect cryptographic signature bypass leading to unauthorized access fixed in version 26.1

1 unique source, 1 article

Summary

A critical cryptographic signature verification vulnerability in ConnectWise ScreenConnect versions prior to 26.1 allows attackers to extract ASP.NET machine keys and forge authentication tokens, enabling unauthorized access and privilege escalation. The flaw, tracked as CVE-2026-3564, affects both cloud-hosted and on-premises deployments, and ConnectWise has observed attempts to abuse disclosed machine key material in the wild. Exploitation results in unauthorized session authentication and potential compromise of managed systems accessed via ScreenConnect.

Timeline

  1. 18.03.2026 20:10 · 1 article

    ConnectWise patches CVE-2026-3564 in ScreenConnect 26.1 to prevent unauthorized access via machine key compromise

    ConnectWise addressed CVE-2026-3564, a critical cryptographic signature verification flaw in ScreenConnect versions prior to 26.1. The vulnerability permitted attackers to extract ASP.NET machine keys and forge authentication tokens, enabling unauthorized access and privilege escalation. ConnectWise mitigated the issue by implementing encrypted storage and improved handling of machine keys starting with version 26.1. Cloud-hosted instances were automatically upgraded, but on-premises deployments must be updated manually. The vendor noted observed attempts to exploit disclosed machine key material in the wild but reported no confirmed active exploitation as of the advisory.

Information Snippets

  • CVE-2026-3564 impacts ScreenConnect versions before 26.1 and allows unauthorized access and privilege escalation via machine key compromise.

    First reported: 18.03.2026 20:10
    1 source, 1 article
  • The vulnerability enables threat actors to extract ASP.NET machine keys to generate or modify protected values accepted as valid by the ScreenConnect instance.

    First reported: 18.03.2026 20:10
    1 source, 1 article
  • ConnectWise mitigated the issue in ScreenConnect version 26.1 by introducing encrypted storage and improved handling of machine keys.

    First reported: 18.03.2026 20:10
    1 source, 1 article
  • Cloud-hosted ScreenConnect instances have been automatically upgraded to version 26.1, while on-premises deployments require manual upgrade.

    First reported: 18.03.2026 20:10
    1 source, 1 article
  • ConnectWise reported observing attempts to abuse disclosed ASP.NET machine key material in the wild, indicating active exploitation interest.

    First reported: 18.03.2026 20:10
    1 source, 1 article