CVE-2026-1697

MEDIUM

PcVue 12.0.0-16.3.3 - Sensitive Cookie Exposure via Missing Secure and SameSite Attributes

Title source: llm
STIX 2.1

Description

The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included.

References (1)

Core 1
Core References
Various Sources vendor-advisory
https://www.pcvue.com/security/#SB2026-2

Scores

CVSS v3 6.5
EPSS 0.0012
EPSS Percentile 2.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-614 CWE-1275
Status published
Products (4)
arcinfo/PcVue 12.0.0
arcinfo/PcVue 15.0.0 - 15.2.13
arcinfo/PcVue 16.0.0 - 16.3.3
arcinformatique/pcvue 12.0.0 - 15.2.13
Published Feb 26, 2026
Tracked Since Feb 26, 2026