Missing Secure and SameSite Attributes in PcVue Web Services
CVE-2026-1697

5.3MEDIUM

Key Information:

Vendor

Arcinfo

Status
Vendor
CVE Published:
26 February 2026

Badges

👾 Exploit Exists

What is CVE-2026-1697?

The GraphicalData and WebClient web applications of PcVue versions 12.0.0 through 16.3.3 lack essential Secure and SameSite attributes in their web services. This oversight can lead to security risks, potentially exposing users to cross-site request forgery (CSRF) and similar attacks. Proper implementation of these attributes is crucial for enhancing the security posture of web applications by controlling how cookies are sent with cross-site requests.

Affected Version(s)

PcVue 16.0.0 <= 16.3.3

PcVue 15.0.0 <= 15.2.13

PcVue 12.0.0

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.