
"ScreenConnect version 26.1 introduces enhanced protections for machine key handling, including encrypted storage and management, reducing the risk of unauthorized access in scenarios where server integrity may be compromised."
"If the machine key material for a ScreenConnect instance is disclosed, a threat actor may be able to generate or modify protected values in ways that may be accepted by the instance as valid. This can result in unauthorized access and unauthorized actions within ScreenConnect."
"Previously, ScreenConnect stored the unique machine keys within server configuration files, which exposed them to exfiltration in certain scenarios. The latest iteration of the remote monitoring and management solution eliminates the risk by encrypting the cryptographic material."
ConnectWise deployed a security update for ScreenConnect to address CVE-2026-3564, a critical vulnerability with a CVSS score of 9.0. The flaw allowed attackers to access cryptographic machine keys stored in server configuration files, potentially compromising session authentication and enabling unauthorized server access. Version 26.1 implements enhanced protections through encrypted storage and management of machine keys. Threat actors could exploit disclosed machine key material to elevate privileges, access active sessions, and compromise servers. ConnectWise assigned a high priority rating to this vulnerability due to active exploitation attempts. The company acknowledges awareness of ASP.NET machine key abuse but reports no confirmed evidence of state-sponsored exploitation.
#screenconnect-security-update #cve-2026-3564 #machine-key-encryption #vulnerability-management #cryptographic-material-protection
Read at SecurityWeek