
mbCONNECT24 EUVD-2026-32133

CVE-2026-40834 | HIGH
SQL Injection (CWE-89)
2026-05-27 | info@cert.vde.com | GHSA-6mg8-8793-2qp7
CVSS 4.0: 7.1

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: May 27, 2026 - 20:04 (vuln.today)

Description (NVD)

A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash_layout.php file's saveDashboardLayout function, due to improper neutralization of special elements in a SQL INSERT command, allowing for reading the whole database and inserting entries into a non-critical table. This can result in a total loss of confidentiality and some loss of integrity.

Analysis (AI)

SQL injection in the saveDashboardLayout function of dash_layout.php in MB connect line's mbCONNECT24, mymbCONNECT24, myREX24V2 and myREX24V2.virtual remote-access platforms (all versions up to and including 2.20.0) lets a low-privileged remote attacker manipulate a SQL INSERT statement to read the entire backend database and write rows into a non-critical table. The flaw, reported by CERT@VDE (VDE-2026-044, EUVD-2026-32133), yields total loss of confidentiality and partial loss of integrity but no availability impact. …


Remediation (AI)

Within 24 hours: Inventory all systems running affected versions (up to 2.20.0) and identify critical data stored in the databases. Within 7 days: Implement network access controls restricting platform access to authorized administrators only, enable database activity monitoring for anomalous queries, and apply Web Application Firewall rules to block SQL injection patterns targeting dash_layout.php. …
