CVE-2026-1698

Medium CVSS: 5.3

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior.

This vulnerability only affects the endpoints /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback and /Authentication/Logout
of the WebClient and WebScheduler web apps.

Vendor

Arcinformatique

Product

Pcvue

CWE

CWE-644

Yayın Tarihi

2026-02-26 08:16:19

Güncelleme

2026-03-12 14:30:52

Source Identifier

87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932

KEV Date Added

Kategoriler

CWE-644 Pcvue MEDIUM Arcinformatique 2026

Referanslar

https://www.pcvue.com/security/#SB2026-2

Benzer Kayıtlar

Medium

CVE-2026-1695

An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of P…

Low

CVE-2026-1696

Some HTTP security headers are not properly set by the web server when sending responses to the client application.

Medium

CVE-2026-1697

The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in versio…

Medium

CVE-2026-1692

A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebSc…

Medium

CVE-2026-1693

The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the werbservices used by the WebVu…

Low

CVE-2026-1694

HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of t…