CVE Catalog

CVE-2026-11596

MediumCVSS 4.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.05%

16th percentile — higher than 16% of all known CVEs

Summary

In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges to specify a token expiration duration beyond the intended maximum when generating delegated access tokens.

Risk Assessment

This could lead to unauthorized access to resources if a user exploits this vulnerability to extend the validity of access tokens.

Recommendation

It is recommended to upgrade to version 26.2 or later to mitigate this vulnerability.

Original NVD description (English source)

In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS