High severity7.5NVD Advisory· Published Apr 2, 2026· Updated Apr 16, 2026
CVE-2026-33616
CVE-2026-33616
Description
An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*range: <=2.19.4
- cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*range: <=2.19.4
Patches
Vulnerability mechanics
References
2- certvde.com/de/advisories/VDE-2026-030nvdThird Party Advisory
- mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.jsonnvdVendor Advisory
News mentions
0No linked articles in our index yet.