PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-1695 arcinfo CVE debrief

CVE-2026-1695 is a MEDIUM severity XSS vulnerability affecting PcVue's OAuth web services. The vulnerability exists in versions 12.0.0 through 16.3.3 and could allow a remote attacker to trick a legitimate user into loading content from another site upon unsuccessful user authentication. This type of vulnerability typically requires user interaction to exploit and can have significant impacts if not properly mitigated.

Vendor
arcinfo
Product
PcVue
CVSS
MEDIUM 5.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-02-26
Original CVE updated
2026-07-09
Advisory published
2026-02-26
Advisory updated
2026-07-09

Who should care

Users of PcVue versions 12.0.0 through 16.3.3 should be aware of this vulnerability and take steps to mitigate it. This includes applying the necessary patches or updates provided by the vendor. Additionally, users should review their systems for potential exposure and implement compensating controls if necessary.

Technical summary

The vulnerability is an XSS issue affecting the OAuth web services used by the WebVue, WebScheduler, TouchVue, and SnapVue features of PcVue. It is triggered on the error page of the OAuth server and requires user interaction to exploit. The CVSS score for this vulnerability is 5.3, indicating a MEDIUM severity level. The vulnerability can be mitigated by applying patches or updates provided by the vendor.

Defensive priority

Medium priority should be given to patching or mitigating this vulnerability, as it requires user interaction but can still have significant impacts. Implementing additional security measures such as input validation and output encoding can help prevent XSS attacks. Monitoring systems for suspicious activity and ensuring that users are aware of the potential risks is also important.

Recommended defensive actions

  • Apply patches or updates provided by the vendor to vulnerable versions of PcVue.
  • Implement additional security measures such as input validation and output encoding to prevent XSS attacks.
  • Monitor systems for suspicious activity and ensure that users are aware of the potential risks.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.

Evidence notes

The CVE record was published on 2026-02-26T08:16:19.063Z and last modified on 2026-07-09T18:32:08.463Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects PcVue versions 12.0.0 through 16.3.3. The error page of the OAuth server is where the vulnerability is triggered. User interaction is required to exploit this vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-02-26T08:16:19.063Z and has not been modified since then. The NVD entry is currently Analyzed.