High severity7.5NVD Advisory· Published Apr 17, 2026· Updated May 4, 2026
CVE-2026-40461
CVE-2026-40461
Description
Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing unauthorized state changes that can facilitate later compromise.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:o:anviz:cx2_lite_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:anviz:cx7_firmware:-:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
3- github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.jsonnvdThird Party Advisory
- www.anviz.com/contact-us.htmlnvdProduct
- www.cisa.gov/news-events/ics-advisories/icsa-26-106-03nvdUS Government Resource
News mentions
0No linked articles in our index yet.