The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • AI Data Pipelines
      Security Data Pipeline for AI SIEM and Data Optimization
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2026-1698

CVE-2026-1698: PcVue WebClient & WebScheduler RCE Flaw

CVE-2026-1698 is a remote code execution vulnerability in PcVue WebClient and WebScheduler caused by HTTP Host header attacks. Attackers can inject malicious payloads to manipulate server behavior. This guide covers technical details, affected versions, impact, and mitigation strategies.

Published: February 27, 2026

CVE-2026-1698 Overview

A HTTP Host header attack vulnerability has been identified in PcVue's WebClient and WebScheduler web applications. This vulnerability affects versions 15.0.0 through 16.3.3 and allows remote attackers to inject harmful payloads that manipulate server-side behavior through improper validation of the HTTP Host header.

The vulnerability specifically impacts three authentication-related endpoints: /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback, and /Authentication/Logout within the WebClient and WebScheduler web applications.

Critical Impact

Remote attackers can exploit HTTP Host header injection to manipulate server-side behavior, potentially leading to cache poisoning, password reset attacks, or redirection to malicious sites during authentication flows.

Affected Products

  • PcVue WebClient versions 15.0.0 through 16.3.3
  • PcVue WebScheduler versions 15.0.0 through 16.3.3
  • Authentication endpoints within affected web applications

Discovery Timeline

  • February 26, 2026 - CVE-2026-1698 published to NVD
  • February 26, 2026 - Last updated in NVD database

Technical Details for CVE-2026-1698

Vulnerability Analysis

This HTTP Host header attack vulnerability (CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax) allows attackers to inject malicious values into the HTTP Host header. When the vulnerable PcVue web applications process authentication requests, they fail to properly validate or sanitize the Host header value before using it in server-side operations.

The vulnerability is particularly concerning because it affects authentication-related endpoints. During the authentication flow, applications often use the Host header to generate URLs for redirects, password reset links, or callback URLs. An attacker who can control or influence these URLs could redirect users to malicious sites or intercept authentication tokens.

Root Cause

The root cause of this vulnerability is improper neutralization of HTTP headers for scripting syntax (CWE-644). The WebClient and WebScheduler applications trust the HTTP Host header provided by the client without adequate validation. When this untrusted input is used to construct URLs or influence application behavior, it creates an injection vector for attackers.

The affected endpoints (/Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback, and /Authentication/Logout) appear to use the Host header value in authentication workflows, potentially for constructing redirect URLs or callback addresses.

Attack Vector

The attack is network-based and requires no authentication to exploit. An attacker can craft malicious HTTP requests with a manipulated Host header targeting the vulnerable authentication endpoints. The attack typically requires some form of user interaction, such as clicking on a malicious link that triggers the authentication flow.

A typical exploitation scenario involves an attacker sending a crafted HTTP request with a malicious Host header value. When the application uses this header to generate redirect URLs during authentication, users may be redirected to attacker-controlled domains, potentially exposing authentication tokens or credentials.

For detailed technical information, refer to the PCVue Security Bulletin SB2026-2.

Detection Methods for CVE-2026-1698

Indicators of Compromise

  • Unusual or unexpected Host header values in HTTP logs for authentication endpoints
  • HTTP requests to /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback, or /Authentication/Logout with Host headers containing external or suspicious domain names
  • Authentication redirect URLs pointing to domains other than the legitimate PcVue server
  • Web server logs showing mismatched Host headers and destination IP addresses

Detection Strategies

  • Implement web application firewall (WAF) rules to detect and block HTTP requests with malformed or suspicious Host headers
  • Monitor authentication endpoint access logs for requests with Host headers that don't match expected server names
  • Deploy anomaly detection to identify authentication flows redirecting to unexpected domains
  • Review proxy and load balancer logs for Host header manipulation attempts

Monitoring Recommendations

  • Enable detailed HTTP logging for all PcVue WebClient and WebScheduler authentication endpoints
  • Configure SIEM rules to alert on Host header anomalies in requests to affected endpoints
  • Monitor for unusual patterns in authentication callback URLs
  • Track failed authentication attempts that may indicate exploitation attempts

How to Mitigate CVE-2026-1698

Immediate Actions Required

  • Update PcVue to a version newer than 16.3.3 where the vulnerability has been patched
  • Implement strict Host header validation at the web server or reverse proxy level
  • Configure allowed Host values in web server configuration to reject requests with unexpected Host headers
  • Review authentication logs for any evidence of prior exploitation attempts

Patch Information

ARC Informatique has released security information regarding this vulnerability in PCVue Security Bulletin SB2026-2. Organizations should consult this bulletin for specific patch versions and upgrade instructions. Apply the latest security updates from the vendor to address this vulnerability.

Workarounds

  • Configure web servers (IIS, Apache, Nginx) to validate and whitelist allowed Host header values
  • Implement a reverse proxy that enforces strict Host header policies before requests reach PcVue applications
  • Use web application firewalls to filter requests with manipulated Host headers to authentication endpoints
  • Consider restricting network access to authentication endpoints to trusted IP ranges where feasible
bash
# Example: Nginx configuration to validate Host header
server {
    listen 443 ssl;
    server_name pcvue.example.com;
    
    # Reject requests with invalid Host headers
    if ($host !~ ^(pcvue\.example\.com)$) {
        return 444;
    }
    
    # Additional security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
}

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeRCE
  • Vendor/TechPcvue
  • SeverityMEDIUM
  • CVSS Score5.3
  • EPSS Probability0.21%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:M/U:Clear
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityNone
  • CWE References
  • CWE-644
  • Technical References
  • PCVue Security Bulletin SB2026-2
  • Related CVEs
  • CVE-2026-1697: PcVue XSS Vulnerability in Web Services
  • CVE-2026-1695: PcVue OAuth Services XSS Vulnerability
  • CVE-2026-1694: PcVue Information Disclosure Vulnerability
  • CVE-2026-1693: PcVue Authentication Bypass Vulnerability
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English