Warning: Critical vulnerability in ConnectWise ScreenConnect. Patch Immediately!

. * Last Update: 18/03/2026

    * Affected products:
         → Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit

    * Type: CWE-347 Improper Verification of Cryptographic Signature

    * CVE/CVSS:

• CVE-2026-3564: 9.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Sources

ConnectWise - https://www.connectwise.com/company/trust/security-bulletins/2026-03-17-screenconnect-bulletin

Risks

This vulnerability allows an unauthorised attacker under certain conditions to access machine keys and use this to elevate their access. This has a high impact on availability, integrity and confidentiality.

Description

The unique machine keys per instance were stored in server configuration files and under certain conditions, attackers could get access to this cryptographic material and obtain unauthorised access. The issue is solved starting from version 26.1.

Recommended Actions

Patch 
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

More information on the vendor’s website: https://www.connectwise.com/company/trust/security-bulletins/2026-03-17-screenconnect-bulletin

Monitor/Detect 
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

NVD - https://nvd.nist.gov/vuln/detail/CVE-2026-3564