CVE-2026-11596

Published Jun 10, 2026

Last updated 4 days ago

CVSS medium 4.7

Overview

Description
In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens.
Source
7d616e1a-3288-43b1-a0dd-0a65d3e70a49
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.7
Impact score
3.4
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Severity
MEDIUM

Weaknesses

7d616e1a-3288-43b1-a0dd-0a65d3e70a49
CWE-1284

Social media

Hype score
Not currently trending

References

Sources include official advisories and independent security research.