CVE-2026-14867

Summary

Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials. 

Active Directory accounts are not affected by this vulnerability.

Affected Software

VendorProductVersion RangeStatus
arcinfoPcVue0 < 17.0.0affected

Weaknesses

  • CWE-256: CWE-256 Plaintext storage of a password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References