ConnectWise Releases Security Update for ScreenConnect

CVE-2026-3564 could allow an attacker to obtain unauthorised access, including elevated privileges

Threat ID:: CC-4756
Threat Severity:: Medium
Published:: 18 March 2026 1:32 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

CVE-2026-3564 could allow an attacker to obtain unauthorised access, including elevated privileges

Affected platforms

The following platforms are known to be affected:

Versions: All prior to 26.1

Connectwise ScreenConnect

Threat details

Introduction

ConnectWise has released a security update to address a vulnerability in ConnectWise ScreenConnect.

CVE-2026-3564 - 'Improper Verification of Cryptographic Signature' Vulnerability - CVSSv3 score: 9.0

ConnectWise state that this vulnerability is either being targeted or at higher risk of being targeted by exploits in the wild.

Remediation advice

Affected organisations are encouraged to review ConnectWise's ScreenConnect 26.1 Security Hardening advisory and apply the relevant updates as soon as practicable.

Definitive source of threat updates

CVE Vulnerabilities

Status Published

CVE-2026-3564

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios.

Last edited: 18 March 2026 1:39 pm