PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-14867 arcinfo CVE debrief

CVE-2026-14867 is a vulnerability in PcVue projects where credentials of built-in users are stored insecurely in the User directory. This issue affects all versions prior to 17.0.0 and allows a local attacker to retrieve users' credentials. Active Directory accounts are not affected. The vulnerability has a CVSS score of 6.8 and a severity of MEDIUM. The CVE record was published on 2026-07-07T10:16:40.120Z and has not been modified since then.

Vendor
arcinfo
Product
PcVue
CVSS
MEDIUM 6.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-07
Original CVE updated
2026-07-07
Advisory published
2026-07-07
Advisory updated
2026-07-07

Who should care

Users of PcVue projects, especially those using versions prior to 17.0.0, should be aware of this vulnerability and take necessary actions to secure their systems. This includes upgrading to PcVue version 17.0.0 or later, reviewing and updating user credentials, and implementing additional monitoring for local attacks.

Technical summary

The vulnerability exists due to insecure storage of built-in user credentials in the User directory of PcVue projects. A local attacker could exploit this to retrieve users' credentials. The issue is resolved in version 17.0.0 and later. The vulnerability has a CVSS score of 6.8 and a severity of MEDIUM.

Defensive priority

Medium priority due to the local attack vector and potential for credential exposure. Users should review and update user credentials, implement additional monitoring for local attacks, and consider compensating controls for exposed systems while remediation is scheduled and verified. An owner should be assigned for follow-up on affected product deployments in managed environments. The official advisory or CVE record should be reviewed to validate affected scope, severity, and vendor guidance. Relevant monitoring, detection, and logs should be checked for exposed assets that need extra review. A defensive review of the current system configuration and potential impacts is recommended. Additionally, planning for vendor-supported updates or mitigations through normal change control where exposure is confirmed is crucial. Asset inventory and source tracking should also be considered to enhance security posture against this vulnerability. Monitoring for suspicious activities related to credential exposure and implementing rollback/change windows for updates are also advised.

Recommended defensive actions

  • Upgrade to PcVue version 17.0.0 or later
  • Review and update user credentials
  • Implement additional monitoring for local attacks

Evidence notes

The CVE record was published on 2026-07-07T10:16:40.120Z and has not been modified since then. The NVD entry is currently in the 'Received' status. This information is based on the supplied source corpus and may not reflect the full scope or current status of the vulnerability. Users should verify the details with the official CVE record and NVD entry for the most up-to-date information. The vulnerability affects PcVue projects, specifically versions prior to 17.0.0, and allows a local attacker to retrieve users' credentials. Active Directory accounts are not affected.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T10:16:40.120Z and has not been modified since then. The NVD entry is currently in the 'Received' status.