EUVD-2026-18174

| CVE-2026-33614 HIGH
2026-04-02 CERTVDE
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Apr 02, 2026 - 09:30 vuln.today
EUVD ID Assigned
Apr 02, 2026 - 09:30 euvd
EUVD-2026-18174
CVE Published
Apr 02, 2026 - 08:59 nvd
HIGH 7.5

Tags

SQLi

Description

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Analysis

SQL injection in MB Connect Line's mbCONNECT24 and mymbCONNECT24 products allows unauthenticated remote attackers to extract sensitive data through the getinfo endpoint. The vulnerability permits direct database queries without authentication, enabling complete confidentiality breach of stored information. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Inventory all instances of mbCONNECT24 and mymbCONNECT24 in your environment and isolate affected systems from untrusted networks. Within 7 days: Implement network-level access controls restricting inbound traffic to the getinfo endpoint to trusted sources only; contact MB Connect Line for patch availability and timeline. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

38
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +38
POC: 0

Share

EUVD-2026-18174 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy