ConnectWise has urgently patched two critical security vulnerabilities in its ScreenConnect remote desktop access product, including an “authentication bypass using an alternate path or channel” with a maximum CVSS severity score of 10/10. Another bug, involving “improper limitation of a pathname to a restricted directory,” received a CVSS severity score of 8.4/10. While there’s no evidence of in-the-wild exploitation, ConnectWise advises enterprise admins to apply the patches promptly due to the severity and risk of potential exploitation, especially for on-prem or self-hosted customers using affected versions 23.9.7 and earlier.