Connectwise · Screenconnect · CVE-2026-11596
**Name of the Vulnerable Software and Affected Versions**
ScreenConnect versions prior to 26.2
**Description**
Insufficient input validation within the Host Pass creation functionality allows an authenticated user with Host Pass creation privileges to specify a token expiration duration that exceeds the intended maximum when generating delegated access tokens.
**Recommendations**
Update to version 26.2.