Authenticated Command Injection Vulnerability in Anviz CX2 Lite by Anviz
CVE-2026-35682

8.8HIGH

Key Information:

Vendor: Anviz
Status: Anviz Cx2 Lite Firmware
Vendor: CVE Published:; 17 April 2026

What is CVE-2026-35682?

The Anviz CX2 Lite is susceptible to an authenticated command injection vulnerability through a filename parameter. This loophole allows for arbitrary command execution, granting potential attackers root-level access to the device. This exposure can lead to unauthorized control over the device, emphasizing the need for immediate security measures to mitigate risks.

Affected Version(s)

Anviz CX2 Lite Firmware All versions

References

https://www.anviz.com/contact-us.html

https://www.cisa.gov/news-events/ics-advisories/icsa-26-1...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2026
Vulnerability Reserved
Apr 14, 2026

CVE-2026-35682 Data

JSON