SQL Injection Vulnerability in Affected Software Product by Vendor
CVE-2026-40835

7.1HIGH

Key Information:

Vendor: Mb Connect Line
Status: Mbconnect24; Mymbconnect24; Myrex24v2; Myrex24v2.virtual
Vendor: CVE Published:; 27 May 2026

🔔 Create Mb Connect Line Vulnerability Alert

What is CVE-2026-40835?

A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function. This occurs due to improper handling of special elements in a SQL SELECT command, leading to potential breaches of data confidentiality.

Affected Version(s)

mbCONNECT24 0.0.0 <= 2.20.0

mbCONNECT24 2.20.0

mymbCONNECT24 0.0.0 <= 2.20.0

References

https://www.certvde.com/en/advisories/VDE-2026-044/

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Apr 15, 2026

CVE-2026-40835 Data

JSON