Advisories

Für CVSS 2.0, 3.0 und 3.2
VDE-2026-068
Juni 23, 2026, 1:00 nachm.

MB connect line: Authenticated unintended access to critical program parameters in mbCONNECT24/mymbCONNECT24

There is a vulnerability in mbCONNECT24/mymbCONNECT24 that allows an authenticated remote attacker to access a hidden configuration method, that should not be accessible by any user, to modify critical program …
CVE-2026-10521
VDE-2026-044
Mai 27, 2026, 1:00 nachm.

MB connect line: Multiple SQLi vulnerabilities in mbCONNECT24/mymbCONNECT24

Multiple SQLi vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24.
CVE-2026-40850
CVE-2026-40819
CVE-2026-40818
CVE-2026-40817
CVE-2026-40816
CVE-2026-40815
CVE-2026-40814
CVE-2026-40813
CVE-2026-40812
CVE-2026-40811
CVE-2026-40810
CVE-2026-40836
CVE-2026-40834
CVE-2026-40833
CVE-2026-40849
CVE-2026-40848
CVE-2026-40847
CVE-2026-40846
CVE-2026-40845
CVE-2026-40844
CVE-2026-40843
CVE-2026-40842
CVE-2026-40841
CVE-2026-40840
CVE-2026-40839
CVE-2026-40838
CVE-2026-40837
CVE-2026-40835
CVE-2026-40832
CVE-2026-40831
CVE-2026-40830
CVE-2026-40829
CVE-2026-40828
CVE-2026-40827
CVE-2026-40825
CVE-2026-40824
CVE-2026-40823
CVE-2026-40826
CVE-2026-40822
CVE-2026-40821
CVE-2026-40820
VDE-2026-054
Mai 27, 2026, 1:00 nachm.

MB connect line: Multiple vulnerabilities in mbNET/mbNET.rokey/mbNET.mini

Two command injection vulnerabilities have been discovered in MB connect line mbNET/mbNET.rokey/mbNET.mini.
CVE-2026-40851
CVE-2026-40852
VDE-2026-030
April 2, 2026, 1:00 nachm.

MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24

Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow RCE, SQLi or information leakage.
CVE-2026-33615
CVE-2026-33616
CVE-2026-33614
CVE-2026-33613
CVE-2026-33617
VDE-2026-024
März 23, 2026, 1:00 nachm.

MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24

Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow unauthenticated RCE or SQLi.
CVE-2026-32968
CVE-2026-32969
VDE-2025-065
Juli 31, 2025, 12:00 nachm.

MB connect line: Sandbox escape in mbNET's LUA interpreter

An authenticated remote attacker can exploit an undocumented method to escape the LUA sandbox in mbNET devices, enabling the execution of arbitrary operating system commands and leading to full system …
CVE-2025-41688
VDE-2025-058
Juli 21, 2025, 12:00 nachm.

MB connect line: Multiple vulnerabilities in mbNET.mini

Multiple vulnerabilities in all mbNET.mini devices with firmware <= 2.3.2 that allow an attacker to gain full control over the device.
CVE-2025-41675
CVE-2025-41674
CVE-2025-41673
CVE-2025-41678
CVE-2025-41679
CVE-2025-41677
CVE-2025-41676
CVE-2025-41681
VDE-2025-035
Juni 24, 2025, 12:00 nachm.

Vulnerabilities in mbCONNECT24/mymbCONNECT24

Two vulnerabilities in mbCONNECT24/mymbCONNECT24 can lead to user enumeration an password bypass.
CVE-2025-3092
CVE-2025-3091