CVE-2026-11596_CVE-2026-11596

4.7 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Description

In ScreenConnect™ versions prior to 26.2, input
validation within the Host Pass creation functionality could allow an
authenticated user with Host Pass creation privileges the ability to specify a
token expiration duration beyond the intended maximum when generating delegated
access tokens.

Basic Information

ID CVE-2026-11596

Source ConnectWise

Published Jun 10, 2026 at 17:15

Modified Jun 10, 2026 at 18:18

Affected Product

Vendor ConnectWise

Product ScreenConnect

Version All versions prior to 26.2

Affected Versions ConnectWise ScreenConnect All versions prior to 26.2

CWE Classification

CWE-1284

References

github.com /ConnectWise-Advisories/Disclosures/tree/main/CVE-2026-11596

{
    "lastseen": "",
    "description": "In ScreenConnect\u2122 versions prior to 26.2, input\nvalidation within the Host Pass creation functionality could allow an\nauthenticated user with Host Pass creation privileges the ability to specify a\ntoken expiration duration beyond the intended maximum when generating delegated\naccess tokens.",
    "published": "2026-06-10T17:15:07.586Z",
    "modified": "2026-06-10T18:18:41.537Z",
    "type": "cve",
    "title": "CVE-2026-11596",
    "source": "ConnectWise",
    "references": "https://github.com/ConnectWise-Advisories/Disclosures/tree/main/CVE-2026-11596",
    "id": "CVE-2026-11596",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1284"
    ],
    "cvelist": null,
    "sourceData": "ConnectWise ScreenConnect All versions prior to 26.2",
    "sourceHref": "",
    "cvss": {
        "score": 4.7,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ScreenConnect",
    "version": "All versions prior to 26.2",
    "vendor": "ConnectWise",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}