SQL Injection Vulnerability in Database Management Software by Vendor
CVE-2026-40828

7HIGH

Key Information:

Vendor: Mb Connect Line
Status: Mbconnect24; Mymbconnect24; Myrex24v2; Myrex24v2.virtual
Vendor: CVE Published:; 27 May 2026

🔔 Create Mb Connect Line Vulnerability Alert

What is CVE-2026-40828?

An unauthenticated SQL Injection vulnerability exists in the DeleteSysLogEntry function of a widely-used database management software, resulting from improper handling of special inputs in SQL DELETE commands. This flaw could allow a remote attacker with high privileges to read sensitive data from the entire database and delete entries in non-critical tables, posing significant risks to data confidentiality and integrity.

Affected Version(s)

mbCONNECT24 0.0.0 <= 2.20.0

mbCONNECT24 2.20.0

mymbCONNECT24 0.0.0 <= 2.20.0

References

https://www.certvde.com/en/advisories/VDE-2026-044/

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Apr 15, 2026

CVE-2026-40828 Data

JSON