HTTP Host Header Injection Vulnerability in PcVue WebClient and WebScheduler
CVE-2026-1698
5.3MEDIUM
What is CVE-2026-1698?
The vulnerability in PcVue’s WebClient and WebScheduler applications allows remote attackers to exploit HTTP Host header attacks. This occurs specifically in version 15.0.0 through 16.3.3, where an attacker can manipulate the server-side behavior via harmful payloads. Targeted endpoints include /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback, and /Authentication/Logout. It is essential for users of these applications to apply security best practices and monitor for potential exploitation.
Affected Version(s)
PcVue 16.0.0 <= 16.3.3
PcVue 15.0.0 <= 15.2.13
