Primary

Context

PcVue WebClient and WebScheduler HTTP Host Header Injection Vulnerability

Vulnerability

Patched

A vulnerability allowing HTTP Host header injection has been identified in the WebClient and WebScheduler applications of PcVue, affecting versions 15.0.0 through 16.3.3. This vulnerability allows remote attackers to inject harmful payloads that manipulate server-side behavior. The issue is present in the endpoints /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback, and /Authentication/Logout.

Impact

Exploitation of this vulnerability could lead to unauthorized manipulation of server-side behavior, potentially allowing for further attacks or exploitation of additional vulnerabilities.

Remediation

Users can upgrade to PcVue version 16.3.4 or 15.2.14 to address this vulnerability.

Added: Feb 26, 2026, 10:14 AM

Updated: Feb 26, 2026, 10:14 AM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

0.6

exploitability

4.5

remediation

7.7

relevance

3.2

threat

0.0

urgency

0.0

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

0.6

exploitability

4.5

remediation

7.7

relevance

3.2

threat

0.0

urgency

0.0

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PcVue WebClient and WebScheduler HTTP Host Header Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

PcVue WebClient

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating