CVE-2026-32650
Published: 17 April 2026
Summary
CVE-2026-32650 is a high-severity Algorithm Downgrade (CWE-757) vulnerability in Anviz CrossChex Standard. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks in the 7.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-8 (Transmission Confidentiality and Integrity).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly remediates the specific software flaw in Anviz CrossChex Standard that allows TDS7 PreLogin manipulation to disable encryption and expose database credentials.
Enforces confidentiality and integrity protections for network transmissions, preventing plaintext disclosure of database credentials even if protocol manipulation occurs.
Implements cryptographic mechanisms to protect sensitive transmitted information like database credentials from being sent in plaintext due to disabled encryption.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE enables remote exploitation of public-facing software via protocol downgrade to capture plaintext DB credentials (the CWE-757 algorithm downgrade matches the T1562.010 description of disabling network encryption for credential capture).
NVD Description
Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access.
Deeper analysis
CVE-2026-32650 is a vulnerability in Anviz CrossChex Standard software that allows an attacker to manipulate the TDS7 PreLogin mechanism to disable encryption. This causes database credentials to be transmitted in plaintext, enabling unauthorized access to the database. The issue has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is classified under CWE-757.
The vulnerability is exploitable remotely over the network by an unauthenticated attacker, with low attack complexity and no user interaction. Successful exploitation results in high confidentiality impact, specifically the disclosure of database credentials in plaintext and potential unauthorized access to the underlying database.
Mitigation details are provided in the CISA ICS advisory ICSA-26-106-03, available at https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03 and in JSON format at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json. Vendors recommend contacting Anviz support at https://www.anviz.com/contact-us.html for patches or further guidance.
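For defenders checking captured traffic, the following added example (not taken from the advisory or from Anviz) parses a TDS PreLogin packet and reports whether the ENCRYPTION option signals that the login will proceed without TLS. The packet layout and option values follow the public MS-TDS specification; the function names are hypothetical and the sample packets are constructed.

```python
import struct

# Constants follow the public MS-TDS specification, not the advisory.
PRELOGIN, TABULAR_RESULT = 0x12, 0x04      # client PreLogin / server response types
ENCRYPTION_TOKEN, TERMINATOR = 0x01, 0xFF
ENCRYPT_NAMES = {0x00: "ENCRYPT_OFF", 0x01: "ENCRYPT_ON",
                 0x02: "ENCRYPT_NOT_SUP", 0x03: "ENCRYPT_REQ"}

def prelogin_encryption(packet: bytes):
    """Return the ENCRYPTION option name from one PreLogin packet, or None."""
    if len(packet) < 8:
        raise ValueError("shorter than the 8-byte TDS header")
    ptype, _status, length = struct.unpack(">BBH", packet[:4])
    if ptype not in (PRELOGIN, TABULAR_RESULT):
        raise ValueError("not a PreLogin request or response")
    payload = packet[8:length]             # option offsets are relative to here
    pos = 0
    while pos < len(payload) and payload[pos] != TERMINATOR:
        if pos + 5 > len(payload):
            raise ValueError("truncated option table")
        token, offset, size = struct.unpack(">BHH", payload[pos:pos + 5])
        if token == ENCRYPTION_TOKEN:
            if size != 1 or offset >= len(payload):
                raise ValueError("malformed ENCRYPTION option")
            value = payload[offset]
            return ENCRYPT_NAMES.get(value, f"UNKNOWN_0x{value:02x}")
        pos += 5
    return None                            # option absent from the table

def response_disables_encryption(server_packet: bytes) -> bool:
    """True when the PreLogin response says no TLS will protect the login."""
    return prelogin_encryption(server_packet) == "ENCRYPT_NOT_SUP"

def build_sample(ptype: int, enc: int) -> bytes:
    """Constructed sample packet carrying only VERSION and ENCRYPTION options."""
    table = struct.pack(">BHH", 0x00, 11, 6) + struct.pack(">BHH", 0x01, 17, 1) + b"\xff"
    payload = table + bytes(6) + bytes([enc])
    return struct.pack(">BBHHBB", ptype, 0x01, 8 + len(payload), 0, 1, 0) + payload

if __name__ == "__main__":
    for enc in (0x01, 0x02):
        pkt = build_sample(TABULAR_RESULT, enc)
        print(prelogin_encryption(pkt), response_disables_encryption(pkt))
```

A response carrying ENCRYPT_NOT_SUP on a network path where the database server is configured to support encryption is the condition worth alerting on.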
Details
- CWE(s)