PT-2026-25901 · Connectwise · Screenconnect

Published 2026-03-17 · Updated 2026-03-20 · CVE-2026-3564

CVSS v3.1: 9.0 Critical

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ScreenConnect versions prior to 26.1

Description

A flaw in ScreenConnect could allow an attacker who has access to the server-level cryptographic material used for authentication to gain unauthorized access, potentially including elevated privileges. The cause is improper verification of cryptographic signatures; earlier versions stored unique machine keys per instance within server configuration files. Exploitation requires prior access to the server-level cryptographic material. The vulnerability is considered critical and has a CVSS score of 9.0.

The issue could allow attackers to forge authenticated sessions and escalate privileges within a ScreenConnect instance, potentially impacting downstream client environments, especially given ScreenConnect's use by Managed Service Providers. The machine key attack surface is of particular concern, as publicly exposed machine keys have been observed being misused to inject malicious code into servers.

Recommendations

Upgrade to ScreenConnect version 26.1.

Fix

LPE

Improper Verification of Cryptographic Signature

Weakness Enumeration

Related Identifiers

CVE-2026-3564

Affected Products

Screenconnect