CVE-2026-40434
TCP Packet Injection Vulnerability in Anviz CrossChex Standard
Publication date: 2026-04-17
Last updated on: 2026-05-04
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anviz | crosschex_standard | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-940 | The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in Anviz CrossChex Standard is due to a lack of source verification in the client/server communication channel. This weakness allows an attacker who is on the same network to perform TCP packet injection, meaning they can insert malicious packets into the communication stream between the client and server.
By injecting these packets, the attacker can alter or disrupt the normal application traffic, potentially interfering with the intended operation of the software.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker on the same network to manipulate or disrupt the communication between the client and server of Anviz CrossChex Standard.
- The attacker can alter application traffic, potentially causing incorrect or malicious data to be processed.
- The attacker can disrupt the applicationβs normal operation, leading to denial of service or other interruptions.
Overall, this can compromise the integrity and availability of the application.