ConnectWise has rolled out a security update for ScreenConnect to improve its handling of machine keys and prevent server compromise.
The update addresses CVE-2026-3564 (CVSS score of 9.0), a critical-severity vulnerability that could allow attackers to access cryptographic material used for session authentication.
Previously, ScreenConnect stored the unique machine keys within server configuration files, which exposed them to exfiltration in certain scenarios.
The latest iteration of the remote monitoring and management solution eliminates the risk by encrypting the cryptographic material.
“ScreenConnect version 26.1 introduces enhanced protections for machine key handling, including encrypted storage and management, reducing the risk of unauthorized access in scenarios where server integrity may be compromised,” ConnectWise notes in its advisory.
The company assigned a ‘high’ priority rating to CVE-2026-3564, which it typically slaps on bugs “that are either being targeted or have higher risk of being targeted by exploits in the wild.”
In a separate advisory, ConnectWise notes that it is aware of attempts to abuse disclosed ASP.NET machine key material, which is used to sign and validate protected application data.
Threat actors could use this cryptographic material to elevate their privileges within ScreenConnect and to access active sessions, which could lead to server compromise.
“If the machine key material for a ScreenConnect instance is disclosed, a threat actor may be able to generate or modify protected values in ways that may be accepted by the instance as valid. This can result in unauthorized access and unauthorized actions within ScreenConnect,” the company said.
The flaw was allegedly exploited by Chinese state-sponsored hackers for years, but ConnectWise says it has no evidence to validate the claims.
“The references in the advisory relate to our ongoing efforts to strengthen the security of ScreenConnect, including hardening measures around the use and management of ASP.NET machine key material. This work is part of a broader initiative to reduce attack surface and enhance product security, informed by continuous internal review and lessons learned from prior industry events,” a ConnectWise spokesperson told SecurityWeek.
Users are advised to update to ScreenConnect version 26.1 as soon as possible, to review access controls and restrict access to configuration files and backups, and to monitor logs for unusual activity.
Related: Apple Debuts Background Security Improvements With Fresh WebKit Patches
Related: Researcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t Patch
Related: Chrome 146 Update Patches Two Exploited Zero-Days
Related: Apple Updates Legacy iOS Versions to Patch Coruna Exploits
