CVE-2026-1696 LOW

CVE-2026-1696: Missing security HTTP headers

Vendor Arcinfo
Product PcVue
Weakness CWE-79 · XSS
Published February 26, 2026
Last update March 26, 2026
View on NVD All CVEs

CVSS base score

2.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y/R:U/RE:M/U:Clear

What the vulnerability does

01Description

Some HTTP security headers are not properly set by the web server when sending responses to the client application.

Key dates

02Disclosure timeline

February 26, 2026 CVE published
March 26, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-48442 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2025-47509 WordPress Top 10 plugin <= 4.1.0 - Cross Site Scripting (XSS) Vulnerability CVE-2024-50407 WordPress Namaste! LMS plugin <= 2.6.2 - Cross Site Scripting (XSS) vulnerability CVE-2025-49412 WordPress Page Transition plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability CVE-2021-24828 Mortgage Calculator / Loan Calculator < 1.5.17 - Contributor+ Stored Cross-Site Scripting