Origin Validation Flaw in WebSockets Affects PcVue by PcVue Technologies
CVE-2026-1692

5.3MEDIUM

Key Information:

Vendor

Arcinfo

Status
Vendor
CVE Published:
26 February 2026

Badges

👾 Exploit Exists

What is CVE-2026-1692?

The WebSockets vulnerability in PcVue's GraphicalData services has been identified, specifically impacting versions 12.0.0 through 16.3.3. This flaw arises from missing origin validation, which may allow a remote attacker to redirect a successfully authenticated user to a malicious site. The vulnerability primarily affects the endpoints GraphicalData/js/signalR/connect and GraphicalData/js/signalR/reconnect. Admins are advised to implement necessary mitigations to secure their systems against potential exploits.

Affected Version(s)

PcVue 16.0.0 <= 16.3.3

PcVue 15.0.0 <= 15.2.13

PcVue 12.0.0

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.