Skip to main content

Mb Connect Line Mbconnect24 CVE-2026-32969

| EUVDEUVD-2026-14407 HIGH
SQL Injection (CWE-89)
2026-03-23 CERTVDE GHSA-j3h2-gjm7-hpx9
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 23, 2026 - 11:45 euvd
EUVD-2026-14407
Analysis Generated
Mar 23, 2026 - 11:45 vuln.today
CVE Published
Mar 23, 2026 - 11:16 nvd
HIGH 7.5

DescriptionCVE.org

An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

AnalysisAI

A pre-authentication blind SQL injection vulnerability exists in the userinfo endpoint's authentication method, allowing unauthenticated remote attackers to extract sensitive data from backend databases without any credentials. Affected products include MB Connect Line's mbCONNECT24 and mymbCONNECT24 industrial remote access solutions, as well as Helmholz's myREX24v2 and myREX24v2.virtual platforms used in industrial automation environments. With a CVSS score of 7.5 and complete loss of confidentiality, this represents a significant risk to industrial control systems, though no active exploitation (KEV) or public POC has been reported yet.

Technical ContextAI

This vulnerability affects industrial remote access and maintenance platforms used in operational technology environments. The affected products include MB Connect Line mbCONNECT24 (cpe:2.3:a:mb_connect_line:mb_connect_line_mbconnect24), mymbCONNECT24 (cpe:2.3:a:mb_connect_line:mymbconnect24), and Helmholz myREX24v2 variants (cpe:2.3:a:helmholz:myrex24v2 and cpe:2.3:a:helmholz:myrex24v2.virtual). The root cause is CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), where user-supplied input in the userinfo endpoint is concatenated directly into SQL SELECT statements without proper sanitization or parameterized queries. The pre-authentication nature means the vulnerability exists before any authentication checks, making it accessible to completely unauthenticated attackers. These platforms typically manage remote connections to industrial equipment, making database contents potentially include credentials, configuration data, and sensitive industrial process information.

RemediationAI

Organizations should immediately consult CERT@VDE advisories VDE-2026-024 and VDE-2026-025 (available at https://certvde.com/de/advisories/VDE-2026-024 and https://certvde.com/de/advisories/VDE-2026-025) for specific patch versions and apply vendor-provided security updates from MB Connect Line and Helmholz as soon as they become available. Until patching is complete, implement network segmentation to restrict access to the affected userinfo endpoint to only trusted IP ranges using firewall rules or web application firewalls with SQL injection signature detection enabled. Deploy intrusion detection systems monitoring for SQL injection patterns targeting the authentication method, particularly looking for time delays, boolean-based payloads, or excessive authentication attempts. Consider temporarily disabling remote access through these platforms if business continuity allows, or enforce additional authentication layers such as VPN access before reaching the vulnerable endpoints.

Share

CVE-2026-32969 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy