CVE-2026-1692

A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a malicious website. This vulnerability only affects the following two endpoints: GraphicalData/js/signalR/connect and GraphicalData/js/signalR/reconnect.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.pcvue.com/security/#SB2026-2	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:arcinformatique:pcvue::::::::
	cpe:2.3:a:arcinformatique:pcvue::::::::

History

12 Mar 2026, 14:20

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.1
References	~~() https://www.pcvue.com/security/#SB2026-2 -~~	() https://www.pcvue.com/security/#SB2026-2 - Vendor Advisory
First Time		Arcinformatique Arcinformatique pcvue
Summary		(es) Una vulnerabilidad de validación de origen faltante en WebSockets afecta a los servicios web GraphicalData utilizados por las características WebVue, WebScheduler, TouchVue y SnapVue de PcVue en la versión 12.0.0 hasta la 16.3.3 incluida. Podría permitir a un atacante remoto atraer a un usuario autenticado con éxito a un sitio web malicioso. Esta vulnerabilidad solo afecta a los dos siguientes endpoints: GraphicalData/js/signalR/connect y GraphicalData/js/signalR/reconnect.
CPE		cpe:2.3:a:arcinformatique:pcvue::::::::

26 Feb 2026, 08:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-26 08:16

Updated : 2026-03-12 14:20

NVD link : CVE-2026-1692

Mitre link : CVE-2026-1692

CVE.ORG link : CVE-2026-1692

JSON object : View

Products Affected

arcinformatique

pcvue

CWE

CWE-1385

Missing Origin Validation in WebSockets

{"id": "CVE-2026-1692", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 5.3, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:Clear", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "CLEAR", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-26T08:16:18.160", "references": [{"url": "https://www.pcvue.com/security/#SB2026-2", "tags": ["Vendor Advisory"], "source": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932", "description": [{"lang": "en", "value": "CWE-1385"}]}], "descriptions": [{"lang": "en", "value": "A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a malicious website.\n\nThis vulnerability only affects the following two endpoints: GraphicalData/js/signalR/connect and GraphicalData/js/signalR/reconnect."}, {"lang": "es", "value": "Una vulnerabilidad de validaci\u00f3n de origen faltante en WebSockets afecta a los servicios web GraphicalData utilizados por las caracter\u00edsticas WebVue, WebScheduler, TouchVue y SnapVue de PcVue en la versi\u00f3n 12.0.0 hasta la 16.3.3 incluida. Podr\u00eda permitir a un atacante remoto atraer a un usuario autenticado con \u00e9xito a un sitio web malicioso.\n\nEsta vulnerabilidad solo afecta a los dos siguientes endpoints: GraphicalData/js/signalR/connect y GraphicalData/js/signalR/reconnect."}], "lastModified": "2026-03-12T14:20:44.147", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arcinformatique:pcvue:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "991311B5-07A8-4CA5-9A07-17D0110128AF", "versionEndIncluding": "15.2.13", "versionStartIncluding": "12.0.0"}, {"criteria": "cpe:2.3:a:arcinformatique:pcvue:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36C7C670-9A8E-49CD-A04C-8426A4C0C911", "versionEndExcluding": "16.3.4", "versionStartIncluding": "16.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932"}