CVE Catalog

CVE-2026-1697

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

The Secure and SameSite attributes are missing in cookies used by the GraphicalData web services and WebClient web app of PcVue versions 12.0.0 through 16.3.3. This allows session hijacking and CSRF attacks.

Risk Assessment

Missing these attributes exposes the organization to session theft and unauthorized actions performed in the context of user sessions, potentially leading to data leakage or account takeover.

Recommendation

Upgrade PcVue to a version later than 16.3.3 where the Secure and SameSite attributes are added. If upgrade is not possible, configure the web server to enforce these attributes.

Original NVD description (English source)

The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS