CRITICAL · CVE-2026-33615 · CVSS 9.1

MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL Injection in the setinfo endpoint

Platform: other

Component: mbconnect24

Fixed in: 2.19.5

AI Confidence: high · NVD · EPSS 0.1% · Reviewed: May 2026

CVE-2026-33615 describes a critical SQL Injection vulnerability affecting mbCONNECT24 versions from 0.0.0 to 2.19.4. This vulnerability allows an unauthenticated attacker to inject malicious SQL code through the setinfo endpoint, potentially compromising the entire system. The vulnerability was publicly disclosed on April 2, 2026, and a patch is expected to be released by the vendor.

Impact and Attack Scenarios

The SQL Injection vulnerability in mbCONNECT24 poses a significant threat due to its unauthenticated nature and potential for widespread impact. An attacker can exploit this flaw to bypass authentication and directly manipulate the database. This could lead to unauthorized access to sensitive data, including user credentials, configuration information, and potentially even financial records. The description explicitly states a 'total loss of integrity and availability' is possible, indicating the potential for data corruption, denial of service, and complete system compromise. Successful exploitation could mirror the impact seen in other SQL Injection attacks targeting similar database-driven applications, allowing attackers to gain full control of the affected system.

Exploitation Context

CVE-2026-33615 has been publicly disclosed and carries a CRITICAL CVSS score of 9.1. As of the disclosure date (2026-04-02), there is no indication of active exploitation or inclusion in the CISA KEV catalog. The lack of authentication required for exploitation suggests a high potential for automated scanning and exploitation if a public proof-of-concept is released. Monitor security advisories and threat intelligence feeds for any signs of exploitation.

Who Is at Risk

Organizations utilizing mbCONNECT24 in production environments, particularly those with publicly accessible instances, are at significant risk. This includes businesses relying on mbCONNECT24 for communication or data management, especially those with inadequate security controls or outdated configurations. Shared hosting environments where multiple users share the same mbCONNECT24 instance are also particularly vulnerable.

Detection Steps

• generic web: Use curl to probe the setinfo endpoint with SQL injection test payloads and check for database error messages or unexpected behaviour indicating that the input reaches a query unescaped. A syntax-breaking probe such as a lone single quote is enough to surface a database error, so the test payload need not contain a destructive statement.

curl -X POST -d "param='" http://your-mbconnect24-server/setinfo

• database (mysql): If you have access to the database, review the mbCONNECT24 database logs for suspicious SQL queries or attempts to access sensitive data.

• linux / server: Monitor system logs (e.g., /var/log/auth.log, /var/log/syslog) for unusual activity related to the mbCONNECT24 service or database connections.

Attack Timeline

  1. Disclosure

Threat Analysis

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet exposure: High
Reports: 1 threat report

EPSS

0.10% (28th percentile)

CISA SSVC

Exploitation: none
Automatable: yes
Technical Impact: partial

CVSS Vector

Threat analysis · CVSS 3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (9.1 CRITICAL)

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required for successful exploitation)
Privileges Required: None (level of authentication required)
User Interaction: None (whether a victim must perform an action)
Scope: Unchanged (impact beyond the component)
Confidentiality: None (risk of disclosure of sensitive data)
Integrity: High (risk of unauthorized data modification)
Availability: High (risk of service disruption)
Source: nextguardhq.com · CVSS v3.1 base score

What do these metrics mean?
Attack Vector
Network — exploitable remotely over the Internet. No physical or local access required.
Attack Complexity
Low — no special conditions required. Reliably exploitable.
Privileges Required
None — exploitable without authentication. No credentials required.
User Interaction
None — automatic and silent attack. The victim does nothing.
Scope
Unchanged — impact confined to the vulnerable component.
Confidentiality
None — no confidentiality impact.
Integrity
High — attacker can write, modify or delete arbitrary data.
Availability
High — complete crash or resource exhaustion. Total denial of service.

Affected Software

Component: mbconnect24
Vendor: MB connect line
Affected range: 0.0.0 – 2.19.4
Fixed in: 2.19.5

Vulnerability Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. EPSS updated
No patch — 52 days since disclosure

Mitigation and Workarounds

The primary mitigation for CVE-2026-33615 is to upgrade mbCONNECT24 to a patched version as soon as it becomes available. Until a patch is released, consider implementing temporary workarounds to reduce the attack surface. These may include restricting access to the setinfo endpoint to trusted networks or users, implementing strict input validation on all parameters passed to the endpoint, and enabling Web Application Firewall (WAF) rules to detect and block SQL Injection attempts. Monitor system logs for suspicious activity, particularly SQL errors or unusual database queries. After upgrading, verify the fix by attempting a SQL Injection attack on the setinfo endpoint using a benign payload to confirm that the vulnerability has been successfully remediated.
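Added example (not from the advisory or from MB connect line): a small Python log scanner that implements the log-monitoring part of the detection steps and the workarounds above for the setinfo endpoint, plus a version check against the affected range. The combined access-log format and the /setinfo path suffix are assumptions, not documented mbCONNECT24 behaviour.

```python
# Added example, not from the advisory: flag requests to the mbCONNECT24
# setinfo endpoint whose query string carries SQL-injection indicators, and
# check whether a version string lies in the affected range 0.0.0 - 2.19.4.
# Assumed (not documented mbCONNECT24 behaviour): the front-end web server
# writes combined-format access logs and the endpoint path ends in /setinfo.
import re
from urllib.parse import unquote

FIXED_VERSION = (2, 19, 5)  # first fixed release named in the advisory
# client ident user [time] "METHOD PATH PROTO" status size
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3})')
# Indicators typical of SQLi probes, matched on the percent-decoded query:
# quote followed by a comment/operator, UNION ... SELECT, numeric tautology.
SQLI_RE = re.compile(r"'\s*(?:--|#|/\*|;|\bor\b|\band\b)"
                     r"|\bunion\b.+\bselect\b"
                     r"|\b(?:or|and)\b\s+\d+\s*=\s*\d+", re.IGNORECASE)

def parse_version(text):
    # '2.19.4' -> (2, 19, 4); missing components count as 0
    parts = [int(p) for p in text.strip().split(".") if p.isdigit()]
    return tuple((parts + [0, 0, 0])[:3])

def is_affected(version):
    # True for every version from 0.0.0 up to and including 2.19.4
    return parse_version(version) < FIXED_VERSION

def suspicious_setinfo_requests(lines):
    # Returns (client, decoded query, status) for each setinfo request whose
    # query carries SQLi indicators. Only the request line is inspected: POST
    # bodies are absent from access logs, so body-only probes need
    # application-level request logging to be caught this way.
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        route, _, query = m["path"].partition("?")
        query = unquote(query)
        if route.endswith("/setinfo") and SQLI_RE.search(query):
            hits.append((m["client"], query, int(m["status"])))
    return hits

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Apr/2026:10:00:01 +0000] "POST /setinfo?id=42 HTTP/1.1" 200 312',
    '203.0.113.9 - - [02/Apr/2026:10:00:05 +0000] "POST /setinfo?id=42%27%20OR%201%3D1-- HTTP/1.1" 500 88',
    '198.51.100.4 - - [02/Apr/2026:10:00:09 +0000] "GET /setinfo?id=1%20UNION%20SELECT%20null HTTP/1.1" 200 512',
    '198.51.100.4 - - [02/Apr/2026:10:00:11 +0000] "GET /setinfo?name=o%27brien HTTP/1.1" 200 290',
]
```

The last sample line shows that a plain apostrophe in a name is not flagged, which keeps the rule usable on real traffic without drowning in false positives.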

How to Fix

Update mbCONNECT24 to a version later than 2.19.4. This fixes the SQL Injection vulnerability and prevents the loss of system integrity and availability.


Frequently Asked Questions

What is CVE-2026-33615 — SQL Injection in mbCONNECT24?

CVE-2026-33615 is a critical SQL Injection vulnerability in mbCONNECT24 versions 0.0.0–2.19.4, allowing unauthenticated attackers to inject malicious SQL code and potentially compromise the entire system.

Am I affected by CVE-2026-33615 in mbCONNECT24?

If you are running mbCONNECT24 versions 0.0.0 through 2.19.4, you are potentially affected by this vulnerability. Assess your exposure and prioritize patching.

How do I fix CVE-2026-33615 in mbCONNECT24?

The recommended fix is to upgrade to a patched version of mbCONNECT24 as soon as it becomes available. Until then, implement temporary workarounds like WAF rules and input validation.

Is CVE-2026-33615 being actively exploited?

While no active exploitation has been confirmed, the vulnerability's criticality and ease of exploitation suggest a high likelihood of future attacks. Monitor for suspicious activity.

Where can I find the official mbCONNECT24 advisory for CVE-2026-33615?

Refer to the official mbCONNECT24 website or security mailing list for the latest advisory and patch information, and check the vendor's security page.
