Skip to main content

Jwt Attack CVE-2026-3564

| EUVDEUVD-2026-12574 CRITICAL
Improper Verification of Cryptographic Signature (CWE-347)
2026-03-17 ConnectWise
9.0
CVSS 3.1 · Vendor: ConnectWise
Share

Severity by source

Vendor (ConnectWise) PRIMARY
9.0 CRITICAL
AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from Vendor (ConnectWise) · only source for this CVE.

CVSS VectorVendor: ConnectWise

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 17, 2026 - 20:30 euvd
EUVD-2026-12574
Analysis Generated
Mar 17, 2026 - 20:30 vuln.today
CVE Published
Mar 17, 2026 - 14:48 nvd
CRITICAL 9.0

DescriptionCVE.org

A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios.

AnalysisAI

A cryptographic authentication bypass vulnerability in ConnectWise ScreenConnect allows remote attackers who gain access to server-level cryptographic material to authenticate as any user and obtain elevated privileges. The vulnerability affects all ScreenConnect versions prior to 26.1 and carries a CVSS score of 9.0, indicating critical severity. While not currently listed in CISA's KEV catalog and with no public proof-of-concept available, the vulnerability's authentication bypass nature and potential for complete system compromise make it a high-priority patching target.

Technical ContextAI

ConnectWise ScreenConnect (CPE: cpe:2.3:a:connectwise:screenconnect:*:*:*:*:*:*:*:*) is a remote desktop and support software solution that relies on cryptographic authentication mechanisms to verify user identities. The vulnerability is classified as CWE-347 (Improper Verification of Cryptographic Signature), indicating that the application fails to properly validate cryptographic signatures or tokens used for authentication. Based on the tags mentioning 'JWT Attack', this likely involves JSON Web Token authentication where the server accepts tokens signed with compromised or improperly validated cryptographic keys, allowing attackers to forge authentication credentials.

RemediationAI

Upgrade ConnectWise ScreenConnect to version 26.1 or later immediately, as detailed in the vendor security bulletin at https://www.connectwise.com/company/trust/security-bulletins/2026-03-17-screenconnect-bulletin. Until patching is complete, organizations should audit and rotate all server-level cryptographic keys and certificates, implement network segmentation to limit ScreenConnect server exposure, enable comprehensive logging for authentication events, and monitor for suspicious authentication patterns or privilege escalations. Additional information is available from the VulDB advisory at https://vuldb.com/?id.351372.

CVE-2013-3900 MEDIUM
5.5 Dec 11

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update

CVE-2026-48558 CRITICAL POC
9.5 Jun 12

Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attacke

CVE-2025-59718 CRITICAL
9.8 Dec 09

Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to

CVE-2025-25291 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2025-25292 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2022-25898 CRITICAL POC
9.8 Jul 01

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT

CVE-2024-42004 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated criti

CVE-2024-41145 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.27

CVE-2024-41138 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work

CVE-2024-45409 CRITICAL POC
9.8 Sep 10

The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), t

CVE-2022-35929 CRITICAL POC
9.8 Aug 04

cosign is a container signing and verification utility. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2022-31053 CRITICAL POC
9.8 Jun 13

Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8)

Share

CVE-2026-3564 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy