ConnectWise said upgrading its ScreenConnect remote support and access tool to the latest version will eliminate the vulnerability that could allow a hacker to bypass the way its machine keys are encrypted. This is the second ScreenConnect vulnerability found in less than one year.
MSP platform developer ConnectWise Tuesday issued a notification that earlier versions of its ScreenConnect remote support and access tool could allow unauthorized actors to misuse it for session authentication.
In that notice, ConnectWise said it released a security update to address issues related to how server-level cryptographic material is protected.
“Earlier versions of ScreenConnect stored unique machine keys per instance within server configuration files, which under certain conditions could allow unauthorized actors to extract this material and misuse it for session authentication. ScreenConnect version 26.1 introduces enhanced protections for machine key handling, including encrypted storage and management, reducing the risk of unauthorized access in scenarios where server integrity may be compromised,” the company wrote.
[Related: ConnectWise CISO Warns MSPs: Rethink Third-Party Risk As AI Accelerates]
The vulnerability, CVE-2026-3564, is considered a high priority, which ConnectWise said includes “vulnerabilities that are either being targeted or have higher risk of being targeted by exploits in the wild.”
ConnectWise said the vulnerability can be eliminated by upgrading ScreenConnect to version 26.1. MSPs whose licenses are out of maintenance will have to first upgrade their license.
The National Institute of Standards and Technology (NIST) described CVE-2026-3564 as “a condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios.”
NIST classified CVE-2026-3564 as “critical.”
David Raissipour, ConnectWise chief product and technology officer, in an emailed response to a CRN request for further information, said the updates it issued are part of an ongoing product hardening focused on reducing attack surface, including improvements to how machine keys are used within ScreenConnect.
“This work is informed by lessons learned from prior industry events and our continuous security review processes,” Raissipour said.
The security bulletin is primarily aimed at ConnectWise channel partners including MSPs so they can take appropriate action, Raissipour said.
“As with any security update, we encourage partners to apply patches promptly to help protect their environments and their clients,” he said.
This is not ConnectWise’s first experience with security issues around ScreenConnect.
The company last June was warned by the Cybersecurity and Infrastructure Security Agency (CISA) that hackers were exploiting the May 2025 ConnectWise ScreenConnect vulnerability, which could allow a ViewState code injection attack.
In that previous ScreenConnect cyberattack, ConnectWise wrote that it had “learned of suspicious activity within our environment that we believe was tied to a sophisticated nation state actor, which affected a very small number of ScreenConnect customers.”
In that case, ConnectWise worked with forensic expert Mandiant to patch ScreenConnect and implement enhanced monitoring and harden measures across the ScreenConnect environment.
Raissipour said this week’s vulnerability is a different issue from last year’s.
“This is not the same issue,” Raissipour replied. “While our ongoing security improvements are informed by past events, this update addresses a different area of the product as part of proactive hardening efforts.”
When CRN asked what ConnectWise is doing to assure MSPs that such similar security issues won’t happen again, Raissipour replied: “Security is a continuous effort. We have taken additional steps over the past year to reduce attack surface across our products, including removing prior dependencies, strengthening key management practices, and expanding our internal review and hardening processes. We will continue to invest in these efforts to further strengthen our products.”
