SecurityWeek reports that ConnectWise has issued a security update for ScreenConnect to improve handling of machine keys following the disclosure of the critical vulnerability CVE-2026-3564, which carries a CVSS score of 9.0. The latest version, ScreenConnect 26.1, encrypts the cryptographic material used for session authentication and removes the prior exposure of machine keys stored in server configuration files.
According to ConnectWise, the update introduces encrypted storage and management of machine keys to reduce the risk of unauthorized access if server integrity is compromised, and CVE-2026-3564 was assigned a high priority rating. The advisory notes attempts to abuse ASP.NET machine key material and warns that threat actors could use this material to elevate privileges and access active sessions, potentially leading to server compromise.
It also states that the flaw was allegedly exploited by Chinese state-sponsored hackers for years, but ConnectWise says it has no evidence to validate the claims. Users are urged to update to version 26.1 promptly, review access controls, restrict access to configuration files and backups, and monitor logs for unusual activity.