CVE-2026-11596

Published: Jun 10, 2026Modified: Jun 10, 2026

4.7

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Exploitability: 1.2 / Impact: 3.4

Source: 7d616e1a-3288-43b1-a0dd-0a65d3e70a49 (Secondary)

Description

In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens.

Related CWEs

CWE-1284

Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

References (1)

https://github.com/ConnectWise-Advisories/Disclosures/tree/main/CVE-2026-11596

Source: 7d616e1a-3288-43b1-a0dd-0a65d3e70a49

Timeline

No history available yet.