SQL Injection Vulnerability in Dash.php of Affected Product from Vendor
CVE-2026-40833

7.1 HIGH

Key Information:

Vendor
CVE Published: 27 May 2026

What is CVE-2026-40833?

A remote attacker with low privileges can exploit an unauthenticated SQL Injection vulnerability in the saveDashboardLayout function found in dash.php. The flaw arises from the inadequate neutralization of special elements in SQL INSERT commands, permitting access to the entire database and allowing insertion of entries into a non-critical table. This may lead to a significant risk of confidentiality breach and potential integrity loss.

Affected Version(s)

mbCONNECT24 0.0.0 <= 2.20.0

mbCONNECT24 2.20.0

mymbCONNECT24 0.0.0 <= 2.20.0

CVSS V4

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
