CVE-2026-1698
HTTP Host header vulnerability in WebClient and WebScheduler web apps
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
15th
A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback and /Authentication/Logout of the WebClient and WebScheduler web apps.
| CWE | CWE-644 |
| Vendor | arcinfo |
| Product | pcvue |
| Published | Feb 26, 2026 |
| Last Updated | Mar 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for arcinfo pcvue
Be the first to know when new unknown vulnerabilities affecting arcinfo pcvue are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
arcinfo / PcVue
16.0.0 โค 16.3.3 15.0.0 โค 15.2.13