Vulnerability Details CVE-2026-33615
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.6%
CVSS Severity
CVSS v3 Score 9.1
References
Products affected by CVE-2026-33615
-
cpe:2.3:a:mbconnectline:mbconnect24:-
-
cpe:2.3:a:mbconnectline:mbconnect24:2.11.2
-
cpe:2.3:a:mbconnectline:mbconnect24:2.13.3
-
cpe:2.3:a:mbconnectline:mbconnect24:2.13.4
-
cpe:2.3:a:mbconnectline:mbconnect24:2.14.2
-
cpe:2.3:a:mbconnectline:mbconnect24:2.16.2
-
cpe:2.3:a:mbconnectline:mbconnect24:2.16.3
-
cpe:2.3:a:mbconnectline:mbconnect24:2.5.0
-
cpe:2.3:a:mbconnectline:mbconnect24:2.6.1
-
cpe:2.3:a:mbconnectline:mbconnect24:2.6.2
-
cpe:2.3:a:mbconnectline:mbconnect24:2.8.0
-
cpe:2.3:a:mbconnectline:mymbconnect24:-
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.11.2
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.13.3
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.13.4
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.14.2
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.16.2
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.16.3
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.5.0
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.6.1
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.6.2
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.8.0