CVE-2026-3564
CriticalCVSS 9.0Exploitation Probability (EPSS)
Low risk28th percentile - higher than 28% of all known CVEs
Summary
A vulnerability in the ScreenConnect server component allows an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConnect host and guest client agents are not independently affected by this CVE.
Risk Assessment
The organization is at risk of privilege escalation and unauthorized access to the ScreenConnect server, potentially leading to control over remote sessions and data confidentiality breaches.
Recommendation
Immediately apply the security update provided by ScreenConnect vendor and restrict access to server cryptographic material to trusted administrators only.
Original NVD description (English source)
A condition in the ScreenConnect server component may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConnect host and guest client agents are not independently affected by this CVE.

