CVE-2026-1692

EUVD-2026-8836
A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a malicious website.

This vulnerability only affects the following two endpoints: GraphicalData/js/signalR/connect and GraphicalData/js/signalR/reconnect.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
arcinformatiquepcvue
12.0.0 ≤
𝑥
≤ 15.2.13
arcinformatiquepcvue
16.0.0 ≤
𝑥
< 16.3.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.pcvue.com/security/#SB2026-2