CVE-2026-1697
Received
Received - Intake
Missing Secure and SameSite Attributes in PcVue Web Services
Vulnerability report for CVE-2026-1697, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-02-26
Last updated on: 2026-03-12
Assigner: arcinfo
Description
Description
The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arcinformatique | pcvue | From 16.0.0 (inc) to 16.3.4 (exc) |
| arcinformatique | pcvue | From 12.0.0 (inc) to 15.2.13 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-614 | The Secure attribute for sensitive cookies in HTTPS sessions is not set. |
| CWE-1275 | The SameSite attribute for sensitive cookies is not set, or an insecure value is used. |