CVE-2026-32324

High

Published: 17 April 2026

Published

17 April 2026

Modified

04 May 2026

KEV Added

—

Patch

—

CVSS Score 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score 0.0001 0.8th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-32324 is a high-severity Use of Hard-coded Cryptographic Key (CWE-321) vulnerability in Anviz Cx7 Firmware. Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Private Keys (T1552.004); ranked at the 0.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-12 (Cryptographic Key Establishment and Management) and SC-13 (Cryptographic Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Private Keys (T1552.004) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-12 Cryptographic Key Establishment and Management good match

prevent

Mandates proper cryptographic key establishment and management, directly preventing embedding of reusable static certificate and key material in firmware that enables MQTT traffic decryption.

SC-13 Cryptographic Protection good match

prevent

Requires implementation of cryptographic protections with key management per NIST SP 800-57, comprehensively addressing insecure embedded keys used for MQTT communications.

SI-2 Flaw Remediation good match

preventrecover

Directly facilitates timely remediation of the firmware flaw through vulnerability monitoring, patching, and deployment to eliminate embedded reusable keys.

MITRE ATT&CK Enterprise TechniquesAI

T1552.004 Private Keys Credential Access

Adversaries may search for private key certificate files on compromised systems for insecurely stored credentials.

attack.mitre.org →

T1040 Network Sniffing Credential Access

Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.

attack.mitre.org →

Why these techniques?

Embedded reusable private key material (CWE-321) directly enables local extraction of unsecured credentials (T1552.004); captured MQTT traffic can then be decrypted, facilitating network sniffing (T1040).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at scale.

Deeper analysisAI

CVE-2026-32324 affects the Anviz CX7 Firmware, where the application embeds reusable certificate and key material. This flaw, classified under CWE-321, enables attackers to decrypt MQTT traffic and potentially interact with device messaging channels at scale. The vulnerability received a CVSS v3.1 base score of 7.7 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), highlighting high impacts on confidentiality and integrity with low attack complexity and no privileges required.

Attackers with local access to the affected system can exploit this vulnerability without user interaction. Successful exploitation allows decryption of MQTT communications, granting unauthorized access to sensitive traffic and enabling scaled interactions with the device's messaging channels, potentially compromising control or data flows.

CISA's ICS Advisory ICSA-26-106-03 and the associated CSAF document detail mitigation recommendations, while Anviz directs users to their contact page for support. Security practitioners should consult these resources for vendor-specific patches or workarounds.