ConnectWise ScreenConnect Privilege Escalation Vulnerability
Summary
CERT-Bund has issued a security advisory (WID-SEC-2026-0763) regarding a critical vulnerability in ConnectWise ScreenConnect versions prior to 26.1. The flaw allows remote attackers to bypass security measures and potentially escalate privileges on affected systems running Linux, UNIX, or Windows.
What changed
CERT-Bund has released a critical security advisory (WID-SEC-2026-0763) detailing a vulnerability in ConnectWise ScreenConnect software, affecting versions prior to 26.1. The vulnerability, with a CVSS Base Score of 9.0, allows remote, anonymous attackers to bypass security controls and potentially escalate their privileges on systems running Linux, UNIX, or Windows. The advisory indicates that mitigation is available.
Organizations utilizing ConnectWise ScreenConnect must urgently update their software to a patched version (26.1 or later) to address this critical security flaw. Failure to do so could result in unauthorized access and privilege escalation, compromising sensitive data and system integrity. While specific penalties are not mentioned, such vulnerabilities typically lead to significant operational disruption and potential reputational damage if exploited.
What to do next
- Update ConnectWise ScreenConnect to version 26.1 or later immediately.
- Review system logs for any signs of unauthorized access or privilege escalation.
- Implement additional security measures for remote access if immediate patching is not feasible.
Source document (simplified)
[WID-SEC-2026-0763] ConnectWise ScreenConnect: Vulnerability allows bypassing security measures and potentially privilege escalation
- CVSS Base Score: 9.0 (critical)
- CVSS Temporal Score: 7.8 (high)
- Remote attack: yes
- Date: 17.03.2026
- Last updated: 18.03.2026
- Mitigation: yes
Affected systems
Operating system
- Linux
- Other
- UNIX
- Windows
Product description
ConnectWise ScreenConnect is a software solution for remote access, remote support, and remote maintenance of computers, servers, virtual machines, and mobile devices.
Products
17.03.2026
- ConnectWise ScreenConnect <26.1
Attack
A remote, anonymous attacker can exploit a vulnerability in ConnectWise ScreenConnect to bypass security measures and potentially escalate their privileges.