CVE-2026-40852 HIGH

CVE-2026-40852: Command injection via malicious configuration

Vendor Mb Connect Line

Product mbNET/mbNET.rokey

Weakness CWE-78

Published May 27, 2026

Last update May 27, 2026

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it to an system execute leading to code execution. This can result in a total loss of confidentiality, integrity and availability.

Key dates

02Disclosure timeline

May 27, 2026 CVE published

May 27, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-40852

Related vulnerabilities

Identifiers

CVE CVE-2026-40852

CWE CWE-78

CVSS 7.2 / HIGH

Affected versions

Vendor Mb Connect Line

Product mbNET/mbNET.rokey

Affected ≥ 0.0.0 and ≤ 8.4.4

Vendor Mb Connect Line

Product mbNET.mini

Affected ≥ 0.0.0 and ≤ 3.0.2

Vendor Mb Connect Line

Product mbNET/mbNET.rokey

Affected 8.4.4

Vendor Mb Connect Line

Product mbNET.mini

Affected 3.0.2

Vendor Helmholz

Product REX200/250

Affected ≥ 0.0.0 and ≤ 8.4.4

Vendor Helmholz

Product REX100

Affected ≥ 0.0.0 and ≤ 3.0.2

Vendor Helmholz

Product REX200/250

Affected 8.4.4

Vendor Helmholz

Product REX100

Affected 3.0.2

CVE-2026-40852: Command injection via malicious configuration

01Description

02Disclosure timeline

03References

04Related CVE