CVE-2026-1698
Received Received - Intake
HTTP Host Header Injection in PcVue WebClient and WebScheduler

Publication date: 2026-02-26

Last updated on: 2026-03-12

Assigner: arcinfo

Description
A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback and /Authentication/Logout of the WebClient and WebScheduler web apps.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-26
Last Modified
2026-03-12
Generated
2026-06-16
AI Q&A
2026-02-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-1698
EUVD
EUVD-2026-8842
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
arcinformatique pcvue From 15.0.0 (inc) to 15.2.13 (inc)
arcinformatique pcvue From 16.0.0 (inc) to 16.3.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-644 The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Executive Summary

This vulnerability is a HTTP Host header attack that affects the WebClient and WebScheduler web applications of PcVue versions 15.0.0 through 16.3.3. It allows a remote attacker to inject harmful payloads that can manipulate the server-side behavior of these applications.

The attack specifically targets the endpoints /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback, and /Authentication/Logout.

Impact Analysis

This vulnerability can allow a remote attacker to manipulate server-side behavior by injecting harmful payloads through the HTTP Host header. This could potentially lead to unauthorized actions or disruptions in the affected web applications.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1698. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart