Authenticated SQLi in inmessage model_CVE-2026-40836

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Description

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a total loss of confidentiality and some loss of integrity.

Basic Information

ID CVE-2026-40836

Source CERTVDE

Published May 27, 2026 at 07:56

Affected Product

Vendor MB connect line

Product mbCONNECT24

Version 0.0.0

Affected Versions MB connect line mbCONNECT24 0.0.0
MB connect line mymbCONNECT24 0.0.0
MB connect line mbCONNECT24 2.20.0
MB connect line mymbCONNECT24 2.20.0
Helmholz myREX24V2 0.0.0
Helmholz myREX24V2.virtual 0.0.0
Helmholz myREX24V2 2.20.0
Helmholz myREX24V2.virtual 2.20.0

CWE Classification

CWE-89

References

www.certvde.com /en/advisories/VDE-2026-044/

{
    "lastseen": "",
    "description": "An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can result in a total loss of confidentiality and some loss of integrity.",
    "published": "2026-05-27T07:56:21.298Z",
    "modified": "2026-05-27T07:56:21.298Z",
    "type": "cve",
    "title": "Authenticated SQLi in inmessage model",
    "source": "CERTVDE",
    "references": "https://www.certvde.com/en/advisories/VDE-2026-044/",
    "id": "CVE-2026-40836",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "MB connect line mbCONNECT24 0.0.0\nMB connect line mymbCONNECT24 0.0.0\nMB connect line mbCONNECT24 2.20.0\nMB connect line mymbCONNECT24 2.20.0\nHelmholz myREX24V2 0.0.0\nHelmholz myREX24V2.virtual 0.0.0\nHelmholz myREX24V2 2.20.0\nHelmholz myREX24V2.virtual 2.20.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mbCONNECT24",
    "version": "0.0.0",
    "vendor": "MB connect line",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}