What happened
ConnectWise disclosed and patched CVE-2026-3564 in ScreenConnect, describing a cryptographic signature verification issue that could let attackers abuse trusted values and perform unauthorized actions.
The issue impacts versions before 26.1. ConnectWise reports that cloud-hosted customers were moved to fixed versions, while self-hosted administrators must patch manually.
Why this matters
ScreenConnect is widely used by MSPs and internal IT teams for remote administration. A weakness in this kind of tooling can quickly become high impact because:
- Remote access products often have privileged access to many endpoints
- A single compromised management node can affect multiple organizations
- Attackers actively target RMM and remote support software
What defenders should do now
- Upgrade on-prem ScreenConnect to 26.1 or newer immediately.
- Review ScreenConnect admin/user sessions for unusual logins and role changes.
- Rotate sensitive keys and credentials tied to remote management workflows.
- Restrict administrative access paths with MFA and network controls.
Bottom line
This is a high-priority patch for organizations running self-hosted ScreenConnect. Treat it as a remote-management security event, not routine maintenance.