Insecure Credential Storage in PcVue Projects by PcVue
CVE-2026-14867

6.8MEDIUM

Key Information:

Vendor

Arcinfo

Status
Vendor
CVE Published:
7 July 2026

Badges

👾 Exploit Exists

What is CVE-2026-14867?

The vulnerability involves the insecure storage of built-in user credentials within the User directory in all versions of PcVue projects before 17.0.0. A local attacker could exploit this weakness to retrieve sensitive user credentials, which could lead to unauthorized access to the affected systems. Notably, Active Directory accounts remain unaffected. Organizations using PcVue should review their security practices and upgrade to the latest version to mitigate risks.

Affected Version(s)

PcVue 0

References

CVSS V4

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.