Urgent Patch Alert: Critical ConnectWise ScreenConnect Flaw (CVSS 10.0) Under Active Exploitation

ConnectWise ScreenConnect Hit by Critical Authentication Bypass Flaw (CVE-2026-1014), Active Exploitation Confirmed

ConnectWise has disclosed and patched two critical vulnerabilities affecting its ScreenConnect remote access software, with one flaw, CVE-2026-1014, receiving a maximum CVSS score of 10.0. This authentication bypass vulnerability allows a remote, unauthenticated attacker to create a new administrator account on an exposed server. A second path traversal flaw, CVE-2026-1219 (CVSS 8.4), allows an authenticated attacker to upload arbitrary files. Security researchers and CISA have confirmed that threat actors are actively chaining these vulnerabilities in the wild to gain initial access, upload malicious payloads, and achieve remote code execution on vulnerable on-premise instances. The flaws impact ScreenConnect versions 23.9.7 and older. ConnectWise has released version 23.9.8 to address the issues, and CISA has added CVE-2026-1014 to its Known Exploited Vulnerabilities (KEV) catalog, underscoring the urgency for immediate patching.