← Voltar para CVEs
CVE-2026-1692
MEDIUM6.1
Descricao
A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a malicious website. This vulnerability only affects the following two endpoints: GraphicalData/js/signalR/connect and GraphicalData/js/signalR/reconnect.
Detalhes CVE
Pontuacao CVSS v3.16.1
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado2/26/2026
Ultima modificacao3/12/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
arcinformatique:pcvue
Fraquezas (CWE)
CWE-1385
Referencias
https://www.pcvue.com/security/#SB2026-2(87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.