Code Execution Vulnerability in Affected Product by Vendor
CVE-2026-40852

7.2HIGH

Key Information:

Vendor: Mb Connect Line
Status: Mbnet/mbnet.rokey; Mbnet.mini; Rex200/250; Rex100
Vendor: CVE Published:; 27 May 2026

🔔 Create Mb Connect Line Vulnerability Alert

What is CVE-2026-40852?

A vulnerability exists that allows an authenticated attacker to manipulate the configuration generator by injecting malicious payloads into future configurations. Due to insufficient checks on configuration values before execution, this may lead to unauthorized code execution on the affected system. As a result, there is a severe risk of compromising confidentiality, integrity, and availability of the system.

Affected Version(s)

mbNET.mini 0.0.0 <= 3.0.2

mbNET.mini 3.0.2

mbNET/mbNET.rokey 0.0.0 <= 8.4.4

References

https://www.certvde.com/en/advisories/VDE-2026-054/

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Apr 15, 2026

Credit

Moritz Abrell from SySS GmbH

Christian Zäske from SySS GmbH

CVE-2026-40852 Data

JSON