ConnectWise has rolled out a security update for ScreenConnect to improve its handling of machine keys and prevent server compromise.
The update addresses CVE-2026-3564 (CVSS score of 9.0), a critical-severity vulnerability that could allow attackers to access cryptographic material used for session authentication.
Previously, ScreenConnect stored the unique machine keys within server configuration files, which exposed them to exfiltration in certain scenarios.
The latest iteration of the remote monitoring and management solution eliminates the risk by encrypting the cryptographic material.
“ScreenConnect version 26.1 introduces enhanced protections for machine key handling, including encrypted storage and management, reducing the risk of unauthorized access in scenarios where server integrity may be compromised,” ConnectWise notes in its advisory.
The company assigned a ‘high’ priority rating to CVE-2026-3564, which it typically slaps on bugs “that are either being targeted or have higher risk of being targeted by exploits in the wild.”
In a separate advisory, ConnectWise notes that it is aware of attempts to abuse disclosed ASP.NET machine key material, which is used to sign and validate protected application data.
Threat actors could use this cryptographic material to elevate their privileges within ScreenConnect and to access active sessions, which could lead to server compromise.
“If the machine key material for a ScreenConnect instance is disclosed, a threat actor may be able to generate or modify protected values in ways that may be accepted by the instance as valid. This can result in unauthorized access and unauthorized actions within ScreenConnect,” the company said.
The flaw was allegedly exploited by Chinese state-sponsored hackers for years, but ConnectWise says it has no evidence to validate the claims.
“The references in the advisory relate to our ongoing efforts to strengthen the security of ScreenConnect, including hardening measures around the use and management of ASP.NET machine key material. This work is part of a broader initiative to reduce attack surface and enhance product security, informed by continuous internal review and lessons learned from prior industry events,” a ConnectWise spokesperson told SecurityWeek.
Users are advised to update to ScreenConnect version 26.1 as soon as possible, to review access controls and restrict access to configuration files and backups, and to monitor logs for unusual activity.
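As an added example (not code from ConnectWise or from the advisory), the following defensive check supports the review of configuration files and backups by reporting whether a copy of an ASP.NET configuration carries literal machine key material. It assumes the standard ASP.NET `<machineKey>` element and protected-configuration markers, which the advisory does not name, and it does not model how ScreenConnect 26.1 stores its keys. The sample configurations are constructed.

```python
import xml.etree.ElementTree as ET

KEY_ATTRS = ("validationKey", "decryptionKey")

# Constructed samples: the key values are placeholders, not real key material.
PLAINTEXT_CONFIG = """<configuration><system.web>
  <machineKey validationKey="PLACEHOLDER-VALIDATION-KEY"
              decryptionKey="PLACEHOLDER-DECRYPTION-KEY"
              validation="HMACSHA256" decryption="AES" />
</system.web></configuration>"""

ENCRYPTED_CONFIG = """<configuration><system.web>
  <machineKey configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </machineKey>
</system.web></configuration>"""


def audit_machine_key(config_xml):
    """Return (location, finding) for every <machineKey> element.

    Findings never include the key values themselves, so the report
    can be stored or forwarded without spreading the secret further.
    """
    findings = []
    root = ET.fromstring(config_xml)
    for parent in root.iter():
        for el in parent:
            if el.tag != "machineKey":
                continue
            where = f"{parent.tag}/machineKey"
            # Protected configuration replaces the attributes with EncryptedData.
            encrypted = "configProtectionProvider" in el.attrib or any(
                child.tag.endswith("EncryptedData") for child in el)
            if encrypted:
                findings.append((where, "encrypted-section"))
                continue
            # "AutoGenerate..." means no literal key is written to the file.
            literal = [a for a in KEY_ATTRS
                       if el.get(a) and not el.get(a).startswith("AutoGenerate")]
            if literal:
                findings.append((where, "plaintext:" + ",".join(literal)))
            else:
                findings.append((where, "autogenerated"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("plaintext", PLAINTEXT_CONFIG), ("encrypted", ENCRYPTED_CONFIG)):
        print(name, audit_machine_key(cfg))
```

A `plaintext:` finding on a backup or stray copy means that file needs the same access restrictions as the live server, since anyone who can read it holds the signing material.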

