Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
PcVue WebClient and WebScheduler allow malicious server manipulation
CVE-2026-1698
Summary
Two PcVue web apps have a security weakness that lets hackers remotely control server behavior. This affects PcVue WebClient and WebScheduler in versions 15.0.0 through 16.3.3. To protect your system, update to a fixed version of PcVue as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| arcinformatique | pcvue | > 15.0.0 , <= 15.2.13 | – |
| arcinformatique | pcvue | > 16.0.0 , <= 16.3.4 | – |
Original title
A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads tha...
Original description
A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior.
This vulnerability only affects the endpoints /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback and /Authentication/Logout
of the WebClient and WebScheduler web apps.
This vulnerability only affects the endpoints /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback and /Authentication/Logout
of the WebClient and WebScheduler web apps.
nvd CVSS4.0
5.3
Vulnerability type
CWE-644
Published: 26 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026