High severity7.5NVD Advisory· Published Apr 17, 2026· Updated May 4, 2026

CVE-2026-40461

Description

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing unauthorized state changes that can facilitate later compromise.

Affected products

Anviz/Cx2 Lite Firmware
cpe:2.3:o:anviz:cx2_lite_firmware:-:*:*:*:*:*:*:*
Anviz/Cx7 Firmware
cpe:2.3:o:anviz:cx7_firmware:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.jsonnvdThird Party Advisory
www.anviz.com/contact-us.htmlnvdProduct
www.cisa.gov/news-events/ics-advisories/icsa-26-106-03nvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000