Skip to main content

Screenconnect

4 CVEs product

Monthly

CVE-2026-11596 MEDIUM This Month

ScreenConnect versions prior to 26.2 permit an authenticated user holding Host Pass creation privileges to bypass the intended maximum token expiration duration when generating delegated access tokens. The root cause is improper input validation (CWE-1284) on the duration field in the Host Pass workflow, allowing the value to exceed its designed upper bound. While no public exploit or CISA KEV listing exists at time of analysis, successful abuse results in the creation of anomalously long-lived access tokens, extending delegated access well beyond the security policy limit - a persistence and access-control integrity risk.

Information Disclosure Screenconnect
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2026-3564 CRITICAL Act Now

A cryptographic authentication bypass vulnerability in ConnectWise ScreenConnect allows remote attackers who gain access to server-level cryptographic material to authenticate as any user and obtain elevated privileges. The vulnerability affects all ScreenConnect versions prior to 26.1 and carries a CVSS score of 9.0, indicating critical severity. While not currently listed in CISA's KEV catalog and with no public proof-of-concept available, the vulnerability's authentication bypass nature and potential for complete system compromise make it a high-priority patching target.

Authentication Bypass Jwt Attack Screenconnect
NVD VulDB
CVSS 3.1
9.0
EPSS
0.0%
CVE-2025-3935 HIGH KEV THREAT Act Now

ConnectWise ScreenConnect 25.2.3 and earlier may be susceptible to ViewState code injection when machine keys are compromised, enabling remote code execution through ASP.NET deserialization.

RCE Deserialization Screenconnect
NVD
CVSS 3.1
8.1
EPSS
15.5%
CVE-2022-36781 MEDIUM This Month

ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Screenconnect
NVD
CVSS 3.1
5.3
EPSS
0.5%
EPSS 0% CVSS 4.7
MEDIUM This Month

ScreenConnect versions prior to 26.2 permit an authenticated user holding Host Pass creation privileges to bypass the intended maximum token expiration duration when generating delegated access tokens. The root cause is improper input validation (CWE-1284) on the duration field in the Host Pass workflow, allowing the value to exceed its designed upper bound. While no public exploit or CISA KEV listing exists at time of analysis, successful abuse results in the creation of anomalously long-lived access tokens, extending delegated access well beyond the security policy limit - a persistence and access-control integrity risk.

Information Disclosure Screenconnect
NVD GitHub VulDB
EPSS 0% CVSS 9.0
CRITICAL Act Now

A cryptographic authentication bypass vulnerability in ConnectWise ScreenConnect allows remote attackers who gain access to server-level cryptographic material to authenticate as any user and obtain elevated privileges. The vulnerability affects all ScreenConnect versions prior to 26.1 and carries a CVSS score of 9.0, indicating critical severity. While not currently listed in CISA's KEV catalog and with no public proof-of-concept available, the vulnerability's authentication bypass nature and potential for complete system compromise make it a high-priority patching target.

Authentication Bypass Jwt Attack Screenconnect
NVD VulDB
EPSS 16% CVSS 8.1
HIGH KEV THREAT Act Now

ConnectWise ScreenConnect 25.2.3 and earlier may be susceptible to ViewState code injection when machine keys are compromised, enabling remote code execution through ASP.NET deserialization.

RCE Deserialization Screenconnect
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiting controls in the default. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Screenconnect
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy