CVE-2026-33615 CRITICAL

CVE-2026-33615: MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the setinfo Endpoint

Vendor: Mb Connect Line
Product: mbCONNECT24
Weakness: CWE-89 · SQLi
Published: April 2, 2026
Last update: April 2, 2026

CVSS base score

9.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: High
Availability: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01 Description

An unauthenticated remote attacker can exploit a SQL injection vulnerability in the setinfo endpoint, caused by improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability.

Key dates

02 Disclosure timeline

April 2, 2026: CVE published
April 2, 2026: Record updated