CVE-2026-11596

Summary

In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens.

Affected Software

VendorProductVersion RangeStatus
ConnectWiseScreenConnectAll versions prior to 26.2affected

Weaknesses

  • CWE-1284: CWE-1284 Improper validation of specified quantity in input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References