Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
2.3
IIS and ASP.net headers expose sensitive server information
CVE-2026-1694
Summary
The default settings of IIS and ASP.net are leaving behind potentially sensitive information about the server, which could be exploited by unauthorized parties. This information is exposed through HTTP headers in the Webservices used by WebVue, WebScheduler, TouchVue, and SnapVue features of PcVue versions 12.0.0 through 16.3.3. To fix this, ensure that these headers are properly removed during the deployment phase of the webservices.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| arcinformatique | pcvue | > 12.0.0 , <= 15.2.13 | – |
| arcinformatique | pcvue | > 16.0.0 , <= 16.3.4 | – |
Original title
HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue feature...
Original description
HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information about the server configuration.
nvd CVSS4.0
2.3
Vulnerability type
CWE-201
Published: 26 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026