Unauthenticated SQL Injection Vulnerability in VDE Products by CERTVDE
CVE-2026-33615

9.1CRITICAL

Key Information:

Vendor: Mb Connect Line
Status: Mbconnect24; Mymbconnect24
Vendor: CVE Published:; 2 April 2026

🔔 Create Mb Connect Line Vulnerability Alert

What is CVE-2026-33615?

An SQL Injection vulnerability exists in the setinfo endpoint of CERTVDE's products, allowing unauthenticated remote attackers to manipulate SQL commands due to inadequate handling of special characters. This exploit can severely compromise the integrity and availability of the affected systems.

Affected Version(s)

mbCONNECT24 0.0.0 <= 2.19.4

mymbCONNECT24 0.0.0 <= 2.19.4

References

https://certvde.com/de/advisories/VDE-2026-030

vendor-advisory

https://mbconnectline.csaf-tp.certvde.com/.well-known/csa...

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2026
Vulnerability Reserved
Mar 23, 2026

Credit

Moritz Abrell, Christian Zäske from SySS GmbH

CVE-2026-33615 Data

JSON