SQL Injection Vulnerability in view.html.php of CERT VDE Software
CVE-2026-40829

7 HIGH

Key Information:

Vendor
CVE Published: 27 May 2026

What is CVE-2026-40829?

The CERT VDE Software is vulnerable to an unauthenticated SQL Injection in the UpdateParam function located in view.html.php. The vulnerability stems from improper handling of special characters in SQL UPDATE commands, allowing a remote attacker with high privileges to read sensitive data and alter values in a non-critical database table. Exploitation can lead to significant breaches of data confidentiality and potential integrity issues on affected systems.

Affected Version(s)

mbCONNECT24 0.0.0 <= 2.20.0

mbCONNECT24 2.20.0

mymbCONNECT24 0.0.0 <= 2.20.0

CVSS V4

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
