← Retour aux CVEs
CVE-2026-1692
MEDIUM6.1
Description
A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a malicious website. This vulnerability only affects the following two endpoints: GraphicalData/js/signalR/connect and GraphicalData/js/signalR/reconnect.
Details CVE
Score CVSS v3.16.1
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie2/26/2026
Derniere modification3/12/2026
Sourcenvd
Observations honeypot0
Produits affectes
arcinformatique:pcvue
Faiblesses (CWE)
CWE-1385
References
https://www.pcvue.com/security/#SB2026-2(87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.