CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-40066

Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.8%

CVSS Severity

CVSS v3 Score 8.8

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json
https://www.anviz.com/contact-us.html
https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03

Products affected by CVE-2026-40066

Anviz » Cx2 Lite » Version: N/A

cpe:2.3:h:anviz:cx2_lite:-
Anviz » Cx7 » Version: N/A

cpe:2.3:h:anviz:cx7:-
Anviz » Cx2 Lite Firmware » Version: N/A

cpe:2.3:o:anviz:cx2_lite_firmware:-
Anviz » Cx7 Firmware » Version: N/A

cpe:2.3:o:anviz:cx7_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-40066

Products

Pricing

Contact Us