CVE 8.7 HIGH

Unauthenticated SQLi in getAccountData function_CVE-2026-40850

May 27, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

AI Analysis

Unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command.

Basic Information

ID CVE-2026-40850

Source CERTVDE

Published May 27, 2026 at 08:00

Affected Product

Vendor MB connect line

Product mbCONNECT24

Version 0.0.0, 2.20.0

Affected Versions MB connect line mbCONNECT24 0.0.0
MB connect line mymbCONNECT24 0.0.0
MB connect line mbCONNECT24 2.20.0
MB connect line mymbCONNECT24 2.20.0
Helmholz myREX24V2 0.0.0
Helmholz myREX24V2.virtual 0.0.0
Helmholz myREX24V2 2.20.0
Helmholz myREX24V2.virtual 2.20.0

CWE Classification

CWE-89

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor MB connect line

Product mbCONNECT24

Version 0.0.0, 2.20.0

References

www.certvde.com /en/advisories/VDE-2026-044/

{
    "lastseen": "",
    "description": "An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.",
    "published": "2026-05-27T08:00:01.201Z",
    "modified": "2026-05-27T08:00:11.447Z",
    "type": "cve",
    "title": "Unauthenticated SQLi in getAccountData function",
    "source": "CERTVDE",
    "references": "https://www.certvde.com/en/advisories/VDE-2026-044/",
    "id": "CVE-2026-40850",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "MB connect line mbCONNECT24 0.0.0\nMB connect line mymbCONNECT24 0.0.0\nMB connect line mbCONNECT24 2.20.0\nMB connect line mymbCONNECT24 2.20.0\nHelmholz myREX24V2 0.0.0\nHelmholz myREX24V2.virtual 0.0.0\nHelmholz myREX24V2 2.20.0\nHelmholz myREX24V2.virtual 2.20.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mbCONNECT24",
    "version": "0.0.0, 2.20.0",
    "vendor": "MB connect line",
    "ai_description": "Unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command.",
    "ai_severity": "High",
    "ai_vendor": "MB connect line",
    "ai_product": "mbCONNECT24",
    "ai_version": "0.0.0, 2.20.0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply