CVE-2026-1697 MEDIUM

CVE-2026-1697: Use of unsecure cookies for GraphicalData web service and WebClient web app

Vendor Arcinfo
Product PcVue
Weakness CWE-614 · Cookie without Secure flag
Published February 26, 2026
Last update March 26, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/AU:Y/R:U/RE:M/U:Clear

What the vulnerability does

01Description

The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included.

Key dates

02Disclosure timeline

February 26, 2026 CVE published
March 26, 2026 Record updated