CVE-2026-1693

UNKNOWN 0.0

Use of vulnerable Resource Owner Password Credentials flow

CVSS Score

0.0

EPSS Score

0.1%

EPSS Percentile

17th

The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the werbservices used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to steal user credentials.

CWE	CWE-1390 CWE-477
Vendor	arcinfo
Product	pcvue
Published	Feb 26, 2026
Last Updated	Mar 26, 2026

Stay Ahead of the Next One

Get instant alerts for arcinfo pcvue

Be the first to know when new unknown vulnerabilities affecting arcinfo pcvue are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

arcinfo / PcVue

16.0.0 ≤ 16.3.3 15.0.0 ≤ 15.2.13 12.0.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

pcvue.com: https://www.pcvue.com/security/#SB2026-2