Home / Vulnerability Intelligence / CVE-2026-40066

CVE-2026-40066 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: April 17, 2026

Anviz CX2 Lite & CX7 - Remote Code Execution

Published: April 17, 2026Updated: April 17, 2026Remote Exploitable

Overview

Anviz CX2 Lite and CX7 contain an unauthenticated remote code execution vulnerability caused by unverified update packages that execute scripts, letting remote attackers execute arbitrary code without authentication.

Severity & Score

Severity: High

CVSS Score: 8.8

Impact

Remote attackers can execute arbitrary code without authentication, potentially taking full control of the device.

Mitigation

Update to the latest version with verified update package validation.

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json
https://www.anviz.com/contact-us.html
https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-40066
Severity: High
CVSS Score: 8.8
Type: remote_code_execution
Status: new

CWE

CWE-494

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H