CVE-2026-3564 – ConnectWise ScreenConnect Critical Vulnerability
CVSS 9
CRITICAL
“When remote access tools break, attackers don’t knock—they log in.”
ConnectWise has released a patch addressing CVE-2026-3564, a critical vulnerability in ScreenConnect that could allow attackers to gain unauthorized access or control over remote systems. The CVSS score is 9.0, which is Critical severity. Given the nature of remote access software, exploitation could lead to full system compromise, lateral movement, and widespread operational impact.
There is no verified evidence of real-world exploitation or public proof-of-concept code at this time. However, the critical severity and exposure level make this a high-priority issue, especially for environments relying on ScreenConnect for remote administration.
Key Details
- Attack Vector
- Network
- Attack Complexity
- High
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-347
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.