{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-3564","assignerOrgId":"7d616e1a-3288-43b1-a0dd-0a65d3e70a49","state":"PUBLISHED","assignerShortName":"ConnectWise","dateReserved":"2026-03-04T20:04:12.757Z","datePublished":"2026-03-17T14:48:59.940Z","dateUpdated":"2026-03-18T03:55:41.186Z"},"containers":{"cna":{"providerMetadata":{"orgId":"7d616e1a-3288-43b1-a0dd-0a65d3e70a49","shortName":"ConnectWise","dateUpdated":"2026-03-17T14:48:59.940Z"},"title":"ScreenConnect Instance Level Cryptographic Material Exposure","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-347","description":"CWE-347 Improper Verification of Cryptographic Signature","type":"CWE"}]}],"affected":[{"vendor":"ConnectWise","product":"ScreenConnect","versions":[{"status":"affected","version":"All versions prior to 26.1"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios.","supportingMedia":[{"type":"text/html","base64":false,"value":"A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios.<br><div>\n\n\n\n\n\n<div>\n\n<div><a></a>\n\n<p><br></p>\n\n</div>\n\n</div>\n\n</div>"}]}],"references":[{"url":"https://www.connectwise.com/company/trust/security-bulletins/2026-03-17-screenconnect-bulletin"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"CRITICAL","baseScore":9,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}}],"solutions":[{"lang":"en","value":"Cloud: No action is required. ScreenConnect servers hosted in\n“screenconnect.com” cloud (standalone and Automate/RMM integrated) or\n“hostedrmm.com” for Automate partners have been updated to remediate the\nissue.  \n\n\n\nOn-premise ScreenConnect Partners:\n\n\n\n\n\nPlease upgrade to ScreenConnect version 26.1. Visit Download\n| ScreenConnect page to download and apply the update (access\nrequires a valid on-premises license). \n\n\n\n\n\n\n\n  *  If your license is out of maintenance, you must  upgrade your license https://docs.connectwise.com/ScreenConnect_Documentation/On-premises/On-premises_licensing/Renew_or_upgrade_an_on-premises_license  before installing\nthe latest supported release of ScreenConnect. \n  *  For\ninstructions on updating to the newest release, please reference this\ndoc: Upgrade an on-premise\ninstallation - ConnectWise \n\n\n\n\n\n\n\n\n\n\n\n\nAutomate On-Prem Partners with ScreenConnect\nIntegration:\n\n\n\nFor partners using an on-premises ScreenConnect\ninstallation integrated with Automate, ScreenConnect 26.1 is available through\nthe  Automate Product Updates https://docs.connectwise.com/ConnectWise_Automate_Documentation/Automate_Product_Updates  page.\n\n\n\n\n\n\nLink to release\nnotes:  ScreenConnect 26.1 / ScreenConnect https://screenconnect.product.connectwise.com/communities/26/topics/5088-screenconnect-261","supportingMedia":[{"type":"text/html","base64":false,"value":"<p><br></p>\n\n<p><b>Cloud:&nbsp;</b>No action is required. ScreenConnect servers hosted in\n“screenconnect.com” cloud (standalone and Automate/RMM integrated) or\n“hostedrmm.com” for Automate partners have been updated to remediate the\nissue. &nbsp;</p>\n\n<p><b>On-premise</b>&nbsp;<b>ScreenConnect</b> <b>Partners:</b></p>\n\n\n\n<p>Please upgrade to ScreenConnect version 26.1. Visit <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.screenconnect.com/download\">Download\n| ScreenConnect</a> page to download and apply the update <i>(access\nrequires a valid on-premises license)</i>.&nbsp;</p>\n\n\n\n<p></p><ul><li>If your license is out of maintenance, you must <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.connectwise.com/ScreenConnect_Documentation/On-premises/On-premises_licensing/Renew_or_upgrade_an_on-premises_license\">upgrade your license</a>&nbsp;before installing\nthe latest supported release of ScreenConnect. </li><li>For\ninstructions on updating to the newest release, please reference this\ndoc: <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.connectwise.com/ConnectWise_ScreenConnect_Documentation/On-premises/Get_started_with_ConnectWise_ScreenConnect_On-Premise/Upgrade_an_on-premises_installation\">Upgrade an on-premise\ninstallation - ConnectWise</a>&nbsp;</li></ul><p></p>\n\n\n\n\n\n\n\n<p><b>Automate On-Prem Partners with ScreenConnect\nIntegration</b>:</p>\n\n<p>For partners using an on-premises ScreenConnect\ninstallation integrated with Automate, ScreenConnect 26.1 is available through\nthe <a href=\"https://docs.connectwise.com/ConnectWise_Automate_Documentation/Automate_Product_Updates\">Automate Product Updates</a> page.</p><p><br></p>\n\n<p>Link to release\nnotes: <a href=\"https://screenconnect.product.connectwise.com/communities/26/topics/5088-screenconnect-261\">ScreenConnect 26.1 / ScreenConnect</a></p>"}]}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-03-17T00:00:00+00:00","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2026-3564"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-18T03:55:41.186Z"}}]}}