CVE-2026-1693— Use of vulnerable Resource Owner Password Credentials flow

EPSS 0.06% · P19 Updated Mar 26, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-1693

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Use of vulnerable Resource Owner Password Credentials flow

Source: NVD (National Vulnerability Database)

Vulnerability Description

The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the werbservices used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to steal user credentials.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

CWE-1390

Source: NVD (National Vulnerability Database)

Vulnerability Title

PcVue 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

PcVue是PcVue公司的一个可靠、安全、强大的运营软件平台，专用于监测和控制建筑和园区管理等市场中的应用。 PcVue 12.0.0版本至16.3.3版本存在安全漏洞，该漏洞源于使用已弃用的ROPC授权流程，可能导致用户凭据被盗。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
arcinfo	PcVue	16.0.0 ~ 16.3.3	-

II. Public POCs for CVE-2026-1693

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-1693

请登录查看更多情报信息。

Security Bulletins | PcVue PcVuevendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-1693

Same Patch Batch · arcinfo · 2026-02-26 · 7 CVEs total

CVE-2026-1698		HTTP Host header vulnerability in WebClient and WebScheduler web apps
CVE-2026-1692		Missing origin validation in GraphicalData web service requests
CVE-2026-1696		Missing security HTTP headers
CVE-2026-1695		XSS vulnerability upon unsuccessful authentication
CVE-2026-1697		Use of unsecure cookies for GraphicalData web service and WebClient web app
CVE-2026-1694		Server configuration details in HTTP headers

IV. Related Vulnerabilities

Same product: PcVue

Same vendor: arcinfo

Same weakness: CWE-1390

V. Comments for CVE-2026-1693

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-1693— Use of vulnerable Resource Owner Password Credentials flow

I. Basic Information for CVE-2026-1693

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-1693

III. Intelligence Information for CVE-2026-1693

Same Patch Batch · arcinfo · 2026-02-26 · 7 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-1693

Leave a comment