ConnectWise ScreenConnect Unauthorized Access Vulnerability via Cryptographic Material Extraction

Vulnerability

A vulnerability in ConnectWise ScreenConnect prior to version 26.1 allows unauthorized access, including elevated privileges, by exploiting server-level cryptographic material used for authentication. Earlier versions stored unique machine keys in server configuration files, which could be extracted and misused for session authentication. The vulnerability arises in scenarios where server integrity may be compromised.
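The exposure described above can be audited for by checking whether a server configuration file still carries machine keys in plaintext. The following is an added example, not ConnectWise code and not part of the original advisory. It assumes the configuration is ASP.NET-style XML with a `<machineKey>` element, since the advisory does not name the file or its format, and the sample configurations are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample configurations (not taken from any real server). The
# <machineKey> layout is the ASP.NET convention and is an assumption here.
SAMPLE_STATIC = """<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="FEDCBA9876543210FEDCBA9876543210"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""

SAMPLE_AUTOGEN = """<configuration>
  <system.web>
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps" />
  </system.web>
</configuration>"""

KEY_ATTRS = ("validationKey", "decryptionKey")


def is_static_key(value):
    """True when the attribute holds literal hex key material."""
    first = value.split(",")[0].strip()
    if not first or first.lower() == "autogenerate":
        return False
    return all(c in "0123456789abcdefABCDEF" for c in first)


def audit_config(xml_text):
    """Return findings for plaintext machine keys; key values are never returned."""
    findings = []
    root = ET.fromstring(xml_text)
    for elem in root.iter("machineKey"):
        for attr in KEY_ATTRS:
            value = elem.get(attr, "")
            if is_static_key(value):
                # Report only the key length, so the audit output is safe to share.
                bits = len(value.split(",")[0].strip()) * 4
                findings.append({"attribute": attr, "bits": bits})
    return findings


if __name__ == "__main__":
    for name, text in (("static", SAMPLE_STATIC), ("autogen", SAMPLE_AUTOGEN)):
        print(name, audit_config(text))
```

A non-empty result means anyone able to read that file obtains the key material, so the host is a candidate for the upgrade described under Remediation.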

Impact

Exploitation of this vulnerability could lead to unauthorized access and elevated privileges within the ScreenConnect application.

Remediation

Users are advised to upgrade to ScreenConnect version 26.1. For on-premises installations, this version is available on the ScreenConnect Download page. Partners using an on-premises ScreenConnect installation integrated with ConnectWise Automate can access the update through the Automate Product Updates page.

Added: Mar 17, 2026, 3:24 PM
Updated: Mar 17, 2026, 3:24 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 5.0
exploitability: 3.6
remediation: 7.7
relevance: 4.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.