Urgent Patch Alert: Critical ConnectWise ScreenConnect Flaw (CVSS 10.0) Under Active Exploitation

Publication Date: February 10, 2026

Summary

This advisory covers a critical cybersecurity event on February 10, 2026, centered on the active exploitation of two severe vulnerabilities in ConnectWise ScreenConnect. A CVSS 10.0 authentication bypass flaw (CVE-2026-1014) and a high-severity path traversal vulnerability (CVE-2026-1219) are being chained by attackers to achieve remote code execution on unpatched on-premise servers. CISA has added the critical flaw to its Known Exploited Vulnerabilities (KEV) catalog, mandating immediate action. Organizations using ScreenConnect versions 23.9.7 and older are urged to upgrade to version 23.9.8 or later immediately or take servers offline to prevent compromise.

Today New Articles

Patch Now: Critical ScreenConnect Auth Bypass (CVSS 10.0) Under Active Attack

ConnectWise has disclosed and patched two critical vulnerabilities affecting its ScreenConnect remote access software, with one flaw, CVE-2026-1014, receiving a maximum CVSS score of 10.0. This authentication bypass vulnerability allows a remote, unauthenticat...