A critical vulnerability in ConnectWise ScreenConnect, identified as CVE-2026-3564, is actively being exploited in the wild, posing a significant threat to unpatched systems. This zero-day flaw, which has a CVSS score of 9, was being exploited before its disclosure on March 17, 2026. The vulnerability arises from a condition that allows attackers with access to server-level cryptographic material to gain unauthorized access, potentially with elevated privileges.
The flaw is categorized under CWE-347, indicating issues with cryptographic material handling that could lead to unauthorized access. Despite its critical nature, the Exploit Prediction Scoring System (EPSS) rates the likelihood of exploitation as low, with a score of 0.000. However, the fact that it has already been exploited in the wild underscores the urgency for organizations using ScreenConnect to take immediate action.
ConnectWise has not yet released a patch for this vulnerability, leaving many systems exposed to potential attacks. The Security Severity Vulnerability Classification (SSVC) suggests that organizations should track this vulnerability closely, given its active exploitation status.
Organizations using ScreenConnect should review their systems for any signs of unauthorized access and consider implementing additional security measures to protect sensitive cryptographic materials. Until a patch is available, heightened vigilance and monitoring are crucial to mitigate the risks associated with this vulnerability.
CSURFACE