On 28 April 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE‑2024‑1708 to its Known Exploited Vulnerabilities (KEV) catalogue. The flaw affects ConnectWise ScreenConnect and is a path traversal vulnerability that could allow an attacker to execute remote code or directly impact confidential data and critical systems.
The vulnerability resides in the ScreenConnect web interface and can be triggered by sending crafted requests that traverse directory boundaries. Successful exploitation may lead to arbitrary file read or write, potentially enabling remote code execution. The National Vulnerability Database assigns the flaw a CVSS v3.1 base score of 8.4, rating it as HIGH severity. ConnectWise has released a security bulletin that includes a patch; the advisory is available at the vendor’s trust site. The bulletin specifically addresses ScreenConnect version 23.9.8.
By inclusion in the KEV catalogue, CISA confirms that active exploitation of CVE‑2024‑1708 has been observed in the wild. No public reporting links this vulnerability to ransomware campaigns at this time. Federal Civilian Executive Branch (FCEB) agencies must apply the required mitigations by 12 May 2026, the remediation deadline set by CISA. Organisations should prioritise remediation to mitigate the risk of compromise.
CISA’s required action is to apply mitigations per vendor instructions, follow applicable BOD 22‑01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. While the directive binds FCEB agencies, CISA advises all organisations to review their ScreenConnect deployments, apply the available patch, and implement any recommended mitigations to reduce exposure. Administrators should verify the installed ScreenConnect version against the patched release.
For full details, see the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2024-1708 and the CISA KEV catalogue.