CVE Catalog

CVE-2026-3564

CriticalCVSS 9.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

28th percentile - higher than 28% of all known CVEs

Summary

A vulnerability in the ScreenConnect server component allows an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConnect host and guest client agents are not independently affected by this CVE.

Risk Assessment

The organization is at risk of privilege escalation and unauthorized access to the ScreenConnect server, potentially leading to control over remote sessions and data confidentiality breaches.

Recommendation

Immediately apply the security update provided by ScreenConnect vendor and restrict access to server cryptographic material to trusted administrators only.

Original NVD description (English source)

A condition in the ScreenConnect server component may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConnect host and guest client agents are not independently affected by this CVE.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS