CVE-2026-1694

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-1694
HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information about the server configuration.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.pcvue.com/security/#SB2026-2 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:arcinformatique:pcvue:*:*:*:*:*:*:*:*
cpe:2.3:a:arcinformatique:pcvue:*:*:*:*:*:*:*:*
History

12 Mar 2026, 14:25

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.3
Summary
  • (es) Los encabezados HTTP son añadidos por la configuración predeterminada de IIS y ASP.net, y no son eliminados en la fase de despliegue de los servicios web utilizados por las funcionalidades WebVue, WebScheduler, TouchVue y SnapVue de PcVue desde la versión 12.0.0 hasta la 16.3.3 incluida. Esto expone innecesariamente información sensible sobre la configuración del servidor.
First Time Arcinformatique
Arcinformatique pcvue
References () https://www.pcvue.com/security/#SB2026-2 - () https://www.pcvue.com/security/#SB2026-2 - Vendor Advisory
CPE cpe:2.3:a:arcinformatique:pcvue:*:*:*:*:*:*:*:*

26 Feb 2026, 08:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-26 08:16

Updated : 2026-03-12 14:25

NVD link : CVE-2026-1694

Mitre link : CVE-2026-1694

CVE.ORG link : CVE-2026-1694

JSON object : View

Products Affected

arcinformatique

  • pcvue
CWE
CWE-201

Insertion of Sensitive Information Into Sent Data