Authenticated SQLi in user_alarmprofile view_CVE-2026-40849

7.1 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the user_alarmprofile view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Basic Information

ID CVE-2026-40849

Source CERTVDE

Published May 27, 2026 at 07:59

Affected Product

Vendor MB connect line

Product mbCONNECT24

Version 0.0.0

Affected Versions MB connect line mbCONNECT24 0.0.0
MB connect line mymbCONNECT24 0.0.0
MB connect line mbCONNECT24 2.20.0
MB connect line mymbCONNECT24 2.20.0
Helmholz myREX24V2 0.0.0
Helmholz myREX24V2.virtual 0.0.0
Helmholz myREX24V2 2.20.0
Helmholz myREX24V2.virtual 2.20.0

CWE Classification

CWE-89

References

www.certvde.com /en/advisories/VDE-2026-044/

{
    "lastseen": "",
    "description": "An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the user_alarmprofile view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.",
    "published": "2026-05-27T07:59:44.789Z",
    "modified": "2026-05-27T07:59:44.789Z",
    "type": "cve",
    "title": "Authenticated SQLi in user_alarmprofile view",
    "source": "CERTVDE",
    "references": "https://www.certvde.com/en/advisories/VDE-2026-044/",
    "id": "CVE-2026-40849",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "MB connect line mbCONNECT24 0.0.0\nMB connect line mymbCONNECT24 0.0.0\nMB connect line mbCONNECT24 2.20.0\nMB connect line mymbCONNECT24 2.20.0\nHelmholz myREX24V2 0.0.0\nHelmholz myREX24V2.virtual 0.0.0\nHelmholz myREX24V2 2.20.0\nHelmholz myREX24V2.virtual 2.20.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mbCONNECT24",
    "version": "0.0.0",
    "vendor": "MB connect line",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}