ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:HConnectwise Screenconnect
APPConnectwise< 23.9.8
CISA KEV — detailsi
- Vendori
- ConnectWise ↗
- Producti
- ScreenConnect
- Added to KEVi
- April 28, 2026
- Remediation deadline (US Federal)i
- May 12, 2026(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
ConnectWise ScreenConnect contains a path traversal vulnerability which could allow an attacker to execute remote code or directly impact confidential data and critical systems.
Related vulnerabilities
Authentication Bypass w ConnectWise ScreenConnect — bezpośredni dostęp do systemów
ConnectWise ScreenConnect — instalacja niezaufanych rozszerzeń z RCE
ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. AS...
ConnectWise ScreenConnect through 23.8.4 allows man-in-the-middle attackers to achieve remote code execution v...
In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values includin...