Local Code Execution Vulnerability in cfgparser by Anyscale
CVE-2026-40851

8.4HIGH

Key Information:

Vendor: Mb Connect Line
Status: Mbnet/mbnet.rokey; Mbnet.mini; Rex200/250; Rex100
Vendor: CVE Published:; 27 May 2026

🔔 Create Mb Connect Line Vulnerability Alert

What is CVE-2026-40851?

A local attacker can exploit a weakness in the cfgparser, allowing them to trigger a confusion attack through a specially crafted file stored on an external USB device. This vulnerability can lead to unauthorized code execution, posing serious risks to the confidentiality, integrity, and availability of the system.

Affected Version(s)

mbNET.mini 0.0.0 <= 3.0.2

mbNET.mini 3.0.2

mbNET/mbNET.rokey 0.0.0 <= 8.4.4

References

https://www.certvde.com/en/advisories/VDE-2026-054/

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Apr 15, 2026

Credit

Moritz Abrell from SySS GmbH

Christian Zäske from SySS GmbH

CVE-2026-40851 Data

JSON