CVE-2026-40434

Description

Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic.

CVSS breakdown

CVSS 3.1

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Affected products

Anviz / Anviz CrossChex StandardAll versions – All versions

References

MISChttps://www.anviz.com/contact-us.html
VENDOR_ADVISORYhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03
MISChttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json