EUVD-2026-14407

| CVE-2026-32969 HIGH
2026-03-23 CERTVDE GHSA-j3h2-gjm7-hpx9
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 23, 2026 - 11:45 euvd
EUVD-2026-14407
Analysis Generated
Mar 23, 2026 - 11:45 vuln.today
CVE Published
Mar 23, 2026 - 11:16 nvd
HIGH 7.5

Tags

SQLi

Description

An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Analysis

A pre-authentication blind SQL injection vulnerability exists in the userinfo endpoint's authentication method, allowing unauthenticated remote attackers to extract sensitive data from backend databases without any credentials. Affected products include MB Connect Line's mbCONNECT24 and mymbCONNECT24 industrial remote access solutions, as well as Helmholz's myREX24v2 and myREX24v2.virtual platforms used in industrial automation environments. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Identify and inventory all instances of affected products (mbCONNECT24, mymbCONNECT24, myREX24v2, myREX24v2.virtual) in production and development environments; restrict network access to userinfo endpoints to trusted sources only. Within 7 days: Deploy Web Application Firewall (WAF) rules to block SQL injection patterns on authentication endpoints; implement network segmentation isolating affected systems; enable comprehensive logging and monitoring of authentication attempts. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

38
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +38
POC: 0

Share

EUVD-2026-14407 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy