CVE-2026-1697
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
The Secure and SameSite attributes are missing in cookies used by the GraphicalData web services and WebClient web app of PcVue versions 12.0.0 through 16.3.3. This allows session hijacking and CSRF attacks.
Risk Assessment
Missing these attributes exposes the organization to session theft and unauthorized actions performed in the context of user sessions, potentially leading to data leakage or account takeover.
Recommendation
Upgrade PcVue to a version later than 16.3.3 where the Secure and SameSite attributes are added. If upgrade is not possible, configure the web server to enforce these attributes.
Original NVD description (English source)
The Secure and SameSite attribute are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included.

