Connectwise Screenconnect
7 CVEs affecting Connectwise Screenconnect. Latest disclosed: 2026-03-17. Critical: 3, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-1709 | Critical | 10.0 | 2024-02-21 | ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an atta… |
CVE-2025-14265 | Critical | 9.1 | 2025-12-11 | In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execut… |
CVE-2026-3564 | Critical | 9.0 | 2026-03-17 | A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, inclu… |
CVE-2024-1708 | High | 8.4 | 2024-02-21 | ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or di… |
CVE-2025-3935 | High | 8.1 | 2025-04-25 | ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page an… |
CVE-2025-14823 | Medium | 5.3 | 2025-12-18 | In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure Key Vault-related key, could be return… |
CVE-2022-36781 | Medium | 5.3 | 2022-09-28 | ConnectWise ScreenConnect versions 22.6 and below contained a flaw allowing potential brute force attacks on custom access tokens due to inadequate rate-limiti… |