CVE-2026-11596 (GCVE-0-2026-11596)
Vulnerability from cvelistv5 – Published: 2026-06-10 17:15 – Updated: 2026-06-10 18:18
VLAI
Summary
In ScreenConnect™ versions prior to 26.2, input
validation within the Host Pass creation functionality could allow an
authenticated user with Host Pass creation privileges the ability to specify a
token expiration duration beyond the intended maximum when generating delegated
access tokens.
Severity
4.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1284 - Improper validation of specified quantity in input
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ConnectWise | ScreenConnect |
Affected:
All versions prior to 26.2
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T18:18:34.629863Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T18:18:41.537Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Host Pass"
],
"product": "ScreenConnect",
"vendor": "ConnectWise",
"versions": [
{
"status": "affected",
"version": "All versions prior to 26.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Damian West (Austin Group)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn ScreenConnect\u2122 versions prior to 26.2, input\nvalidation within the Host Pass creation functionality could allow an\nauthenticated user with Host Pass creation privileges the ability to specify a\ntoken expiration duration beyond the intended maximum when generating delegated\naccess tokens.\u0026nbsp;\u003c/p\u003e"
}
],
"value": "In ScreenConnect\u2122 versions prior to 26.2, input\nvalidation within the Host Pass creation functionality could allow an\nauthenticated user with Host Pass creation privileges the ability to specify a\ntoken expiration duration beyond the intended maximum when generating delegated\naccess tokens."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper validation of specified quantity in input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T17:15:07.586Z",
"orgId": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49",
"shortName": "ConnectWise"
},
"references": [
{
"url": "https://github.com/ConnectWise-Advisories/Disclosures/tree/main/CVE-2026-11596"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cb\u003eCloud:\u0026nbsp;\u003c/b\u003e\u003cspan\u003eNo action is required. ScreenConnect servers hosted in the\nScreenConnect cloud environment have been updated to remediate this issue.\u003c/span\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cb\u003eOn-prem\u003c/b\u003e:\u0026nbsp;\u003cspan\u003eUpgrade to ScreenConnect version 26.2 or later.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "Cloud:\u00a0No action is required. ScreenConnect servers hosted in the\nScreenConnect cloud environment have been updated to remediate this issue.\n\n\n\n\n\nOn-prem:\u00a0Upgrade to ScreenConnect version 26.2 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49",
"assignerShortName": "ConnectWise",
"cveId": "CVE-2026-11596",
"datePublished": "2026-06-10T17:15:07.586Z",
"dateReserved": "2026-06-08T14:17:16.449Z",
"dateUpdated": "2026-06-10T18:18:41.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-11596\",\"sourceIdentifier\":\"7d616e1a-3288-43b1-a0dd-0a65d3e70a49\",\"published\":\"2026-06-10T18:16:40.113\",\"lastModified\":\"2026-06-10T20:19:35.917\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In ScreenConnect\u2122 versions prior to 26.2, input\\nvalidation within the Host Pass creation functionality could allow an\\nauthenticated user with Host Pass creation privileges the ability to specify a\\ntoken expiration duration beyond the intended maximum when generating delegated\\naccess tokens.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"7d616e1a-3288-43b1-a0dd-0a65d3e70a49\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.2,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"7d616e1a-3288-43b1-a0dd-0a65d3e70a49\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1284\"}]}],\"references\":[{\"url\":\"https://github.com/ConnectWise-Advisories/Disclosures/tree/main/CVE-2026-11596\",\"source\":\"7d616e1a-3288-43b1-a0dd-0a65d3e70a49\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-11596\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-10T18:18:34.629863Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-10T18:18:38.074Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Damian West (Austin Group)\"}], \"impacts\": [{\"capecId\": \"CAPEC-153\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-153 Input Data Manipulation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ConnectWise\", \"modules\": [\"Host Pass\"], \"product\": \"ScreenConnect\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions prior to 26.2\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Cloud:\\u00a0No action is required. ScreenConnect servers hosted in the\\nScreenConnect cloud environment have been updated to remediate this issue.\\n\\n\\n\\n\\n\\nOn-prem:\\u00a0Upgrade to ScreenConnect version 26.2 or later.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003cb\u003eCloud:\u0026nbsp;\u003c/b\u003e\u003cspan\u003eNo action is required. ScreenConnect servers hosted in the\\nScreenConnect cloud environment have been updated to remediate this issue.\u003c/span\u003e\u003c/p\u003e\\n\\n\u003cp\u003e\u003cb\u003eOn-prem\u003c/b\u003e:\u0026nbsp;\u003cspan\u003eUpgrade to ScreenConnect version 26.2 or later.\u003c/span\u003e\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://github.com/ConnectWise-Advisories/Disclosures/tree/main/CVE-2026-11596\"}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.2\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In ScreenConnect\\u2122 versions prior to 26.2, input\\nvalidation within the Host Pass creation functionality could allow an\\nauthenticated user with Host Pass creation privileges the ability to specify a\\ntoken expiration duration beyond the intended maximum when generating delegated\\naccess tokens.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eIn ScreenConnect\\u2122 versions prior to 26.2, input\\nvalidation within the Host Pass creation functionality could allow an\\nauthenticated user with Host Pass creation privileges the ability to specify a\\ntoken expiration duration beyond the intended maximum when generating delegated\\naccess tokens.\u0026nbsp;\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1284\", \"description\": \"CWE-1284 Improper validation of specified quantity in input\"}]}], \"providerMetadata\": {\"orgId\": \"7d616e1a-3288-43b1-a0dd-0a65d3e70a49\", \"shortName\": \"ConnectWise\", \"dateUpdated\": \"2026-06-10T17:15:07.586Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-11596\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-10T18:18:41.537Z\", \"dateReserved\": \"2026-06-08T14:17:16.449Z\", \"assignerOrgId\": \"7d616e1a-3288-43b1-a0dd-0a65d3e70a49\", \"datePublished\": \"2026-06-10T17:15:07.586Z\", \"assignerShortName\": \"ConnectWise\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…