CVE-2026-1694

CVSS

No CVSS.

TTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information about the server configuration.

References

Link	Resource
https://www.pcvue.com/security/#SB2026-2

Configurations

No configuration.

History

26 Feb 2026, 08:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-26 08:16

Updated : 2026-02-27 14:06

NVD link : CVE-2026-1694

Mitre link : CVE-2026-1694

CVE.ORG link : CVE-2026-1694

JSON object : View

Products Affected

No product.

CWE

CWE-201

Insertion of Sensitive Information Into Sent Data

{"id": "CVE-2026-1694", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 2.3, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:Clear", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "CLEAR", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-26T08:16:18.763", "references": [{"url": "https://www.pcvue.com/security/#SB2026-2", "source": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932", "description": [{"lang": "en", "value": "CWE-201"}]}], "descriptions": [{"lang": "en", "value": "HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information about the server configuration."}], "lastModified": "2026-02-27T14:06:59.787", "sourceIdentifier": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932"}

CVE-2026-1694

JSON object

Attach tags to CVE-2026-1694

Attach tags to `CVE-2026-1694`