CVE-2026-11596 is a medium-severity vulnerability in ScreenConnect versions prior to 26.2. The issue lies in the input validation within the Host Pass creation functionality, which could allow an authenticated user with Host Pass creation privileges to specify a token expiration duration beyond the intended maximum when generating delegated access tokens. This vulnerability has a CVSS score of 4.7 and is [truncated]
CVE-2026-9089 is a high-severity authenticity verification weakness in the ConnectWise Automate Agent. According to the vendor bulletin referenced by NVD, the agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. The issue is addressed in Automate 2026.5.
Known exploitedConnectWiseCVE published 2026-04-28
CVE-2024-1708 is a ConnectWise ScreenConnect path traversal vulnerability that CISA has listed in its Known Exploited Vulnerabilities catalog. That KEV inclusion means CISA considers the issue known to be exploited in the wild and has set a remediation due date of 2026-05-12 for the public sector. The safest response is to apply vendor-recommended mitigations immediately; if mitigations are not available [truncated]
Known exploitedConnectWiseCVE published 2025-06-02
CVE-2025-3935 is an improper authentication vulnerability in ConnectWise ScreenConnect that CISA added to the Known Exploited Vulnerabilities catalog on 2025-06-02. Because it is listed in KEV, defenders should treat it as urgent and follow vendor mitigation guidance immediately. CISA’s remediation guidance is to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud ser [truncated]
Known exploitedConnectWiseCVE published 2024-02-22
CVE-2024-1709 is an authentication bypass issue in ConnectWise ScreenConnect that CISA added to its Known Exploited Vulnerabilities catalog on 2024-02-22. Because CISA classifies it as known exploited and notes known ransomware campaign use, organizations running ScreenConnect should treat it as an urgent defensive priority and follow vendor guidance immediately.
