CVE-2026-40066

EPSS 0.3%
Veröffentlicht 17.04.2026 19:43:20
Zuletzt bearbeitet 04.05.2026 14:31:04
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Anviz Products Download of Code Without Integrity Check

Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The 
device unpacks and executes a script resulting in unauthenticated remote
 code execution.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Anviz ≫ Cx7 Firmware Version-

Anviz ≫ Cx7 Version-

Anviz ≫ Cx2 Lite Firmware Version-

Anviz ≫ Cx2 Lite Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.215

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
ics-cert@hq.dhs.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-494 Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

https://www.anviz.com/contact-us.html

Product

https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03

US Government Resource

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-40066

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-40066

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-40066

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-40066