CVE-2026-11596

4.7MEDIUM

Key Information:

Vendor: Connectwise
Status: Screenconnect
Vendor: CVE Published:; 10 June 2026

🔔 Create Connectwise Vulnerability Alert

What is CVE-2026-11596?

In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens.

Affected Version(s)

ScreenConnect All versions prior to 26.2

References

https://github.com/ConnectWise-Advisories/Disclosures/tre...

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2026
Vulnerability Reserved
Jun 8, 2026

Credit

Damian West (Austin Group)

CVE-2026-11596 Data

JSON