CVE-2026-1692

Name of the Vulnerable Software and Affected Versions PcVue versions 12.0.0 through 16.3.3

Description A missing origin validation in WebSockets can affect the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features. This could allow a remote attacker to redirect a successfully authenticated user to a malicious website. The issue is present in the following API endpoints: /GraphicalData/js/signalR/connect and /GraphicalData/js/signalR/reconnect.

Recommendations Versions 12.0.0 through 16.3.3 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.