CVE-2026-11596
4.7 MEDIUMIn ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user ...
Published: 2026-06-10 · Last updated: 2026-06-10
Severity and scoring
- CVSS
- 4.7 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
- CWE
- CWE-1284
Description
In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-53689 — libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS ... (7.1 HIGH)
- CVE-2026-49777 — Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious... (10.0 CRITICAL)
- CVE-2026-47329 — Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification respo... (3.3 LOW)
- CVE-2026-9801 — A flaw was found in Keycloak (4.9 MEDIUM)
- CVE-2026-44635 — Kysely is a type-safe TypeScript SQL query builder (7.5 HIGH)