Skip to main content

mbCONNECT24 CVE-2026-40831

| EUVDEUVD-2026-32160 HIGH
SQL Injection (CWE-89)
2026-05-27 info@cert.vde.com GHSA-gr85-wp24-28g2
7.1
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
May 27, 2026 - 19:56 vuln.today

DescriptionCVE.org

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the Easy View due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

AnalysisAI

Information disclosure via SQL injection affects the Easy View feature of MB connect line's remote-maintenance portals (mbCONNECT24, mymbCONNECT24, myREX24V2, and myREX24V2.virtual) in versions up to and including 2.20.0. A remote attacker holding a low-privileged account can inject crafted input into a SQL SELECT statement to read arbitrary database contents, resulting in total loss of confidentiality. There is no public exploit identified at time of analysis, and the EPSS score is very low (0.03%, 11th percentile), indicating no observed widespread exploitation activity.

Technical ContextAI

These are industrial remote-access/VPN management platforms from MB connect line (Red Lion), used to provide secure remote maintenance connectivity to machines and OT/ICS equipment; the affected component is the 'Easy View' visualization/portal feature. The root cause is CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), specifically within a SELECT query, meaning user-controlled input reaches the SQL parser without proper parameterization or escaping. Because the impact is scoped to a SELECT command with VC:H/VI:N/VA:N, the flaw permits database read access (data exfiltration) but, per the CVSS metrics, does not directly grant write or destructive capability against the database.

RemediationAI

No vendor-released fixed version is confirmed in the available data; since all listed products are affected up to and including 2.20.0, consult the CERT@VDE advisory at https://www.certvde.com/en/advisories/VDE-2026-044/ for the exact patched release and upgrade to it once published (the fix is expected in a version above 2.20.0 but is not independently verified here). As compensating controls until patching, restrict network reachability of the Easy View feature and the management portal to trusted networks/VPN only rather than exposing it to the public internet, which directly reduces the AV:N exposure but may inconvenience remote technicians; tighten and audit low-privilege account provisioning and disable unused accounts to limit who can reach the vulnerable SELECT path, at the cost of administrative overhead; and enable web application firewall rules or database query monitoring to detect SQL injection patterns against the portal, accepting potential false positives. For hosted/virtual instances (myREX24V2.virtual, mymbCONNECT24), coordinate with the provider on patch timing.

Share

CVE-2026-40831 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy