Home / Vulnerability Intelligence / CVE-2026-3564

CVE-2026-3564 - Vulnerability Analysis

CriticalCVSS: 9.0

Last Updated: March 17, 2026

ScreenConnect - Authentication Bypass

Published: March 17, 2026Updated: March 17, 2026Remote Exploitable

Overview

ScreenConnect contains an authentication bypass caused by access to server-level cryptographic material, letting attackers obtain unauthorized access including elevated privileges, exploit requires access to cryptographic material.

Severity & Score

Severity: Critical

CVSS Score: 9.0

Impact

Attackers with access to cryptographic material can gain unauthorized access and escalate privileges, compromising the system.

Mitigation

Update to the latest version with security patches addressing cryptographic material access.

References

https://www.connectwise.com/company/trust/security-bulletins/2026-03-17-screenconnect-bulletin

Related Resources

Details

CVE ID: CVE-2026-3564
Severity: Critical
CVSS Score: 9.0
Type: broken_authentication
Status: new

CWE

CWE-347

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H