Missing Secure and SameSite Attributes in PcVue Web Services
CVE-2026-1697
5.3MEDIUM
What is CVE-2026-1697?
The GraphicalData and WebClient web applications of PcVue versions 12.0.0 through 16.3.3 lack essential Secure and SameSite attributes in their web services. This oversight can lead to security risks, potentially exposing users to cross-site request forgery (CSRF) and similar attacks. Proper implementation of these attributes is crucial for enhancing the security posture of web applications by controlling how cookies are sent with cross-site requests.
Affected Version(s)
PcVue 16.0.0 <= 16.3.3
PcVue 15.0.0 <= 15.2.13
PcVue 12.0.0
