CVE-2026-40434 is a vulnerability in Anviz CrossChex Standard caused by the absence of source verification in the client/server channel. This weakness enables an attacker with network access to perform TCP packet injection, which can modify or disrupt the normal traffic between client and server. The vulnerability affects all versions of the product and is classified under CWE-940 (Improper Verification of Source). The CVSS 3.1 base score is 8.1, indicating high severity, with attack vector requiring adjacent network access, low attack complexity, no privileges or user interaction needed, and impacts integrity and availability. No official patch or remediation level has been published by the vendor as of the data provided.

An attacker on the same network segment can inject TCP packets into the communication channel between the client and server of Anviz CrossChex Standard. This can lead to alteration or disruption of application traffic, impacting the integrity and availability of the system. Confidentiality is not affected. The vulnerability is rated high severity with a CVSS score of 8.1. No known exploits have been reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, organizations should consider network-level protections such as isolating the device communication on trusted segments and monitoring for anomalous TCP traffic. No vendor-provided mitigation or temporary fix is currently documented.