CVE-2026-11596
published 2026-06-10
Priority P4 · 25 · medium · 4.7 CVSS 3.1
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
EPSS
0.22%
12.6th percentile
In ScreenConnect™ versions prior to 26.2, input
validation within the Host Pass creation functionality could allow an
authenticated user with Host Pass creation privileges the ability to specify a
token expiration duration beyond the intended maximum when generating delegated
access tokens.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| connectwise | screenconnect | — | — |
GHSA
ghsa_unreviewed·2026-06-10
CVE-2026-11596 [MEDIUM] CWE-1284
In ScreenConnect™ versions prior to 26.2, input
validation within the Host Pass creation functionality could allow an
authenticated user with Host Pass creation privileges the ability to specify a
token expiration duration beyond the intended maximum when generating delegated
access tokens.
VulDB
ConnectWise ScreenConnect up to 26.1 Access Token improper validation of specified quantity in input
vuldb·2026-06-10·CVSS 4.7
CVE-2026-11596 [MEDIUM] ConnectWise ScreenConnect up to 26.1 Access Token improper validation of specified quantity in input
A vulnerability classified as problematic has been found in ConnectWise ScreenConnect up to 26.1. Affected is an unknown function of the component Access Token Handler. Performing a manipulation results in improper validation of specified quantity in input.
This vulnerability is known as CVE-2026-11596. Remote exploitation of the attack is possible. No exploit is available.
It is recommended to upgrade the affected component.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-10
Published