4.7
CVE-2026-11596
- EPSS 0.22%
- Veröffentlicht 10.06.2026 17:15:07
- Zuletzt bearbeitet 10.06.2026 20:19:35
- Quelle 7d616e1a-3288-43b1-a0dd-0a65d3
- CVE-Watchlists
- Unerledigt
In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerConnectWise
≫
Produkt
ScreenConnect
Default Statusunaffected
Version
All versions prior to 26.2
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.124 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 7d616e1a-3288-43b1-a0dd-0a65d3e70a49 | 4.7 | 1.2 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
|
CWE-1284 Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
https://github.com/ConnectWise-Advisories/Disclosures/tree/main/CVE-2026-11596