ConnectWise has warned that ScreenConnect versions before 26.1 contain a critical cryptographic signature verification vulnerability (CVE-2026-3564) that can expose ASP.NET machine keys and enable unauthorized session authentication and privilege escalation. The vendor patched the issue in ScreenConnect 26.1. Cloud instances were auto-upgraded, but on‑premises administrators must update and follow hardening guidance immediately.
Key points
- Critical cryptographic signature verification flaw (CVE-2026-3564) affects ScreenConnect versions before 26.1.
- An attacker could extract ASP.NET machine keys to generate or modify protected values and gain unauthorized session access and privilege escalation.
- ConnectWise addressed the issue in ScreenConnect 26.1 with encrypted storage and improved handling of machine keys.
- Cloud customers were automatically moved to the patched version, while on‑premises administrators must upgrade and tighten access to configs, backups, logs, and extensions.
- Researchers observed attempts to abuse disclosed machine key material, but ConnectWise reports no confirmed active exploitation or IoCs to share at this time.