CVE-2026-40434 HIGH

CVE-2026-40434: Anviz CrossChex Standard Improper Verification of Source of a Communication Channel

Vendor Anviz
Product Anviz CrossChex Standard
Weakness CWE-940
Published April 17, 2026
Last update April 17, 2026

CVSS base score

8.1/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic.

Key dates

02Disclosure timeline

April 17, 2026 CVE published
April 17, 2026 Record updated