CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-35546

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 22.9%

CVSS Severity

CVSS v3 Score 9.8

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json
https://www.anviz.com/contact-us.html
https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03

Products affected by CVE-2026-35546

Anviz » Cx2 Lite » Version: N/A

cpe:2.3:h:anviz:cx2_lite:-
Anviz » Cx7 » Version: N/A

cpe:2.3:h:anviz:cx7:-
Anviz » Cx2 Lite Firmware » Version: N/A

cpe:2.3:o:anviz:cx2_lite_firmware:-
Anviz » Cx7 Firmware » Version: N/A

cpe:2.3:o:anviz:cx7_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-35546

Products

Pricing

Contact Us