CVE-2026-11596
MediumCVSS 4.7Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges to specify a token expiration duration beyond the intended maximum when generating delegated access tokens.
Risk Assessment
This could lead to unauthorized access to resources if a user exploits this vulnerability to extend the validity of access tokens.
Recommendation
It is recommended to upgrade to version 26.2 or later to mitigate this vulnerability.
Original NVD description (English source)
In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens.

