Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
PcVue Web Services Allow Remote Attackers to Lure Users to Malicious Websites
CVE-2026-1692
Summary
The PcVue Web Services in versions 12.0.0 through 16.3.3 do not properly check where data is coming from, which allows a malicious website to trick a legitimate PcVue user into visiting it. This could lead to a security risk for users who have accessed PcVue services. PcVue users and administrators should update to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| arcinformatique | pcvue | > 12.0.0 , <= 15.2.13 | – |
| arcinformatique | pcvue | > 16.0.0 , <= 16.3.4 | – |
Original title
A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16....
Original description
A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a malicious website.
This vulnerability only affects the following two endpoints: GraphicalData/js/signalR/connect and GraphicalData/js/signalR/reconnect.
This vulnerability only affects the following two endpoints: GraphicalData/js/signalR/connect and GraphicalData/js/signalR/reconnect.
nvd CVSS4.0
5.3
Vulnerability type
CWE-1385
Published: 26 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026