CVE-2026-1698

Name of the Vulnerable Software and Affected Versions PcVue WebClient and WebScheduler versions 15.0.0 through 16.3.3

Description A HTTP Host header attack affects the WebClient and WebScheduler web apps, potentially allowing a remote attacker to inject harmful payloads and manipulate server-side behavior. The issue impacts the following API endpoints: /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback, and /Authentication/Logout. The attack exploits the HTTP Host header to inject malicious content.

Recommendations Update to a version later than 16.3.3.