CISA Warns of ConnectWise ScreenConnect Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a severe vulnerability in ConnectWise ScreenConnect.

On April 28, 2026, CISA officially added this flaw, tracked as CVE-2024-1708, to its Known Exploited Vulnerabilities (KEV) catalog.

This alert confirms that malicious threat actors are currently abusing this bug to breach networks.

ConnectWise ScreenConnect Vulnerability

ConnectWise ScreenConnect is a popular remote support tool used by IT professionals to manage computers remotely.

Because this software requires high-level network permissions to function, any security gap provides attackers with a direct pathway into corporate environments.

The vulnerability CVE-2024-1708, is officially classified as a path traversal weakness under CWE-22.

A path traversal flaw occurs when a program fails to filter file paths requested by an outside user properly.

This oversight allows an attacker to manipulate the file path and navigate into restricted folders on the server.

By exploiting this path traversal vulnerability, cybercriminals can execute malicious code remotely.

They can steal highly confidential data, alter sensitive system files, and gain complete control over critical IT infrastructure.

CISA has confirmed that attackers are actively exploiting CVE-2024-1708 in real-world scenarios.

At this time, the agency lists the vulnerability’s direct connection to specific ransomware campaigns as “Unknown.”

Despite this unknown status, remote access software remains a favorite target for ransomware operators and data extortion groups.

Hackers frequently exploit vulnerabilities in tools like ScreenConnect to gain initial entry.

Once inside the network, they can easily deploy ransomware payloads or sell the network access to other cybercriminal syndicates.

Security teams should treat this active exploitation as an extreme risk to network integrity.

Mitigations and Deadlines

To minimize the risk of a data breach, CISA has established a strict remediation timeline.

Federal Civilian Executive Branch (FCEB) agencies must patch or mitigate this vulnerability by May 12, 2026.

CISA highly recommends that private organizations and businesses follow this same deadline to protect their operational data.

Network defenders should implement these security actions immediately:

• Apply the latest security patches and mitigations directly, following vendor instructions provided by ConnectWise.
• Review and follow the guidance in CISA’s Binding Operational Directive (BOD) 22-01 regarding the safe use and management of cloud services.
• Isolate or completely discontinue the use of the ScreenConnect product if the required mitigations are currently unavailable.
• Actively monitor internal systems for any unusual administrative behavior, unexpected remote connections, or unauthorized file access attempts.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post CISA Warns of ConnectWise ScreenConnect Vulnerability Exploited in Attacks appeared first on Cyber Security News.