SQL Injection Vulnerability in VDE Network Management Software by CertVDE
CVE-2026-33614

7.5HIGH

Key Information:

Vendor: Mb Connect Line
Status: Mbconnect24; Mymbconnect24
Vendor: CVE Published:; 2 April 2026

🔔 Create Mb Connect Line Vulnerability Alert

What is CVE-2026-33614?

An unauthenticated SQL Injection vulnerability has been identified in CertVDE's Network Management Software, specifically in the getinfo endpoint. This vulnerability arises from improper handling of special elements in SQL SELECT commands, enabling remote attackers to execute malicious SQL queries. If exploited, this could lead to significant data breaches, including a complete loss of confidentiality.

Affected Version(s)

mbCONNECT24 0.0.0 <= 2.19.4

mymbCONNECT24 0.0.0 <= 2.19.4

References

https://certvde.com/de/advisories/VDE-2026-030

vendor-advisory

https://mbconnectline.csaf-tp.certvde.com/.well-known/csa...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2026
Vulnerability Reserved
Mar 23, 2026

Credit

Moritz Abrell, Christian Zäske from SySS GmbH

CVE-2026-33614 Data

JSON