CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-35682

Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd), resulting in root‑level access.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 50.4%

CVSS Severity

CVSS v3 Score 8.8

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json
https://www.anviz.com/contact-us.html
https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03

Products affected by CVE-2026-35682

Anviz » Cx2 Lite » Version: N/A

cpe:2.3:h:anviz:cx2_lite:-
Anviz » Cx2 Lite Firmware » Version: N/A

cpe:2.3:o:anviz:cx2_lite_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-35682

Products

Pricing

Contact Us