Security Bulletin: ScreenConnect Authentication Trust Vulnerability and Hardening Advisory
Date: March 19, 2026Severity: HighAffected Product: ConnectWise ScreenConnect (versions prior to 26.1) Executive Summary Critical Path Security is advising clients of a recently disclosed security concern impacting ConnectWise ScreenConnect related to the potential abuse of ASP.NET machine key material used for authentication trust. If cryptographic material associated with a ScreenConnect instance is exposed, a threat actor may be able to forge or manipulate trusted application data. This could result in unauthorized access, session hijacking, and privilege escalation within the platform. ConnectWise has released version 26.1 to address this risk through enhanced protection and rotation of cryptographic material. Immediate action is recommended. Technical Overview ScreenConnect relies on ASP.NET machine keys to sign and validate protected application data, including authentication tokens and session state. Under normal conditions, these keys ensure: Data integrity Authenticity of session information Protection against tampering However, if machine key material becomes accessible through: Misconfigured backups Exposed configuration files…
