ConnectWise Patches Critical Vulnerability in ScreenConnect Remote Access Platform

📌 ConnectWise has patched a critical vulnerability (CVE-2026-3564) in its ScreenConnect remote access platform, which could allow attackers to hijack sessions by exploiting improper verification of cryptographic signatures. The flaw affects both cloud-hosted and self-deployed instances of ScreenConnect, commonly used by managed service providers (MSPs), IT departments, and technology solution providers. CVE-2026-3564 stems from the abuse of ASP.NET machine keys to forge trusted authentication and can be exploited remotely. The vulnerability was disclosed on March 20, 2026, with no additional technical details on exploitation methods provided. No specific impact or active attacks were mentioned beyond the potential for session hijacking.