TCP Packet Injection Vulnerability in Anviz CrossChex Standard
CVE-2026-40434

8.1HIGH

Key Information:

Vendor: Anviz
Status: Anviz Crosschex Standard
Vendor: CVE Published:; 17 April 2026

What is CVE-2026-40434?

The Anviz CrossChex Standard application suffers from a significant security flaw due to a lack of source verification in the client/server communication channel. This vulnerability allows malicious actors on the same network to launch TCP packet injection attacks, potentially altering or disrupting application traffic. Without appropriate safeguards in place, sensitive data may be at risk, highlighting the need for prompt security assessments and mitigations.

Affected Version(s)

Anviz CrossChex Standard All versions

References

https://www.anviz.com/contact-us.html

https://www.cisa.gov/news-events/ics-advisories/icsa-26-1...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2026
Vulnerability Reserved
Apr 14, 2026

CVE-2026-40434 Data

JSON