What is CVE-2026-31927?

CVE-2026-31927 is a medium-severity vulnerability in Anviz Cx7 Firmware, classified under Relative Path Traversal. CVSS score: 4.9/10. Published 2026-04-17.

How severe is CVE-2026-31927?

Medium severity. CVSS v3 base score is 4.9 out of 10.

Path Traversal in Anviz Cx7 Firmware

CVE-2026-31927

Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized SSH access when combined with debug‑setting changes

EPSS: 0.001 (16.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N.

Affected products

Anviz Cx7 Firmware — versions All versions
Anviz Cx7
Anviz Cx7_firmware

Weakness classification (CWE)

CWE-23 — Relative Path Traversal

References

ics-cert@hq.dhs.gov (Third Party Advisory)
ics-cert@hq.dhs.gov (Product)
ics-cert@hq.dhs.gov (US Government Resource)

Frequently asked questions

What is CVE-2026-31927?: CVE-2026-31927 is a medium-severity vulnerability in Anviz Cx7 Firmware, classified under Relative Path Traversal. CVSS score: 4.9/10. Published 2026-04-17.
How severe is CVE-2026-31927?: Medium severity. CVSS v3 base score is 4.9 out of 10.