Cyber Resilience

CVE-2026-32650

High

Published: 17 April 2026

Published
17 April 2026
Modified
04 May 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0021 11.2th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-32650 is a high-severity Algorithm Downgrade (CWE-757) vulnerability in Anviz Crosschex Standard. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 11.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-8 (Transmission Confidentiality and Integrity).

Deeper analysis

CVE-2026-32650 is a vulnerability in Anviz CrossChex Standard software that allows an attacker to manipulate the TDS7 PreLogin mechanism to disable encryption. This causes database credentials to be transmitted in plaintext, enabling unauthorized access to the database. The issue has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is classified under CWE-757.

The vulnerability is exploitable remotely over the network by any unauthenticated attacker requiring low attack complexity and no user interaction. Successful exploitation results in high confidentiality impact, specifically the disclosure of database credentials in plaintext and potential unauthorized access to the underlying database.

Mitigation details are provided in the CISA ICS advisory ICSA-26-106-03, available at https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03 and in JSON format at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json. Vendors recommend contacting Anviz support at https://www.anviz.com/contact-us.html for patches or further guidance.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1689 Downgrade Attack Defense Impairment
Adversaries may downgrade or use a version of system features that may be outdated, vulnerable, and/or does not support updated security controls.
Why these techniques?

CVE enables remote exploitation of public-facing software via protocol downgrade to capture plaintext DB credentials (CWE-757 algorithm downgrade matching T1562.010 description of disabling network encryption for credential capture).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-40434Same product: Anviz Crosschex Standard
CVE-2026-40066Same vendor: Anviz
CVE-2026-35546Same vendor: Anviz
CVE-2026-40461Same vendor: Anviz
CVE-2026-2673Shared CWE-757
CVE-2026-32324Same vendor: Anviz
CVE-2026-35682Same vendor: Anviz
CVE-2025-24154Shared CWE-757

Affected Assets

anviz
crosschex standard
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the specific software flaw in Anviz CrossChex Standard that allows TDS7 PreLogin manipulation to disable encryption and expose database credentials.

prevent

Enforces confidentiality and integrity protections for network transmissions, preventing plaintext disclosure of database credentials even if protocol manipulation occurs.

prevent

Implements cryptographic mechanisms to protect sensitive transmitted information like database credentials from being sent in plaintext due to disabled encryption.

References