CVE-2026-33615

Overview

MB connect line
mbCONNECT24

02 Apr 2026

Published

02 Apr 2026

Updated

CVSS v3.1

CRITICAL (9.1)

EPSS

0.08%

MITRE

KEV

Description

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability.

Statistics

1 Post

Last activity: 10 hours ago

Fediverse

CERT@VDE @certvde

#OT #Advisory VDE-2026-030
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24

Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow RCE, SQLi or information leakage.
#CVE CVE-2026-33615, CVE-2026-33616, CVE-2026-33614, CVE-2026-33613, CVE-2026-33617

https://certvde.com/en/advisories/vde-2026-030/

#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json

0
0
0
10h ago

CVE-2026-33617

Overview

MB connect line
mbCONNECT24

02 Apr 2026

Published

02 Apr 2026

Updated

CVSS v3.1

MEDIUM (5.3)

EPSS

0.03%

MITRE

KEV

Description

An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials.

Statistics

1 Post

Last activity: 10 hours ago

Fediverse

CERT@VDE @certvde

#OT #Advisory VDE-2026-030
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24

Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow RCE, SQLi or information leakage.
#CVE CVE-2026-33615, CVE-2026-33616, CVE-2026-33614, CVE-2026-33613, CVE-2026-33617

https://certvde.com/en/advisories/vde-2026-030/

#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json

0
0
0
10h ago

CVE-2026-33616

Overview

MB connect line
mbCONNECT24

02 Apr 2026

Published

02 Apr 2026

Updated

CVSS v3.1

HIGH (7.5)

EPSS

0.05%

MITRE

KEV

Description

An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Statistics

1 Post

Last activity: 10 hours ago

Fediverse

CERT@VDE @certvde

#OT #Advisory VDE-2026-030
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24

Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow RCE, SQLi or information leakage.
#CVE CVE-2026-33615, CVE-2026-33616, CVE-2026-33614, CVE-2026-33613, CVE-2026-33617

https://certvde.com/en/advisories/vde-2026-030/

#CSAF https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json

0
0
0
10h ago