CVE-2026-40434

HIGH

Anviz CrossChex Standard Improper Verification of Source of a Communication Channel

Title source: cna

Description

Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic.

Scores

CVSS v3 8.1
EPSS 0.0002
EPSS Percentile 6.5%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Details

CWE
CWE-940
Status published
Products (1)
Anviz/Anviz CrossChex Standard All versions
Published Apr 17, 2026
Tracked Since Apr 18, 2026