CVE-2026-3564

ScreenConnect Instance Level Cryptographic Material Exposure

Basic Information

CVE State: PUBLISHED
Reserved Date: March 04, 2026
Published Date: March 17, 2026
Last Updated: March 18, 2026
Vendor: ConnectWise
Product: ScreenConnect
Description: A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios.

CVSS Scores

CVSS v3.1

9.0 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC Information

Exploitation: none
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2026-04-19 13:47:27 UTC) Source

References

https://www.connectwise.com/company/trust/security-bulletins/2026-03-17-screenconnect-bulletin

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2026-04-19 13:47:27 UTC

Timeline

CVE ID Reserved

March 04, 2026
CVE Published to Public

March 17, 2026
Added to KEVIntel

April 19, 2026