CVE-2026-33614 | THREATINT

Description

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

PUBLISHED Reserved 2026-03-23 | Published 2026-04-02 | Updated 2026-04-02 | Assigner CERTVDE

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status

unaffected

0.0.0 (semver)

affected

Default status

unaffected

0.0.0 (semver)

affected

Credits

Moritz Abrell, Christian Zäske from SySS GmbH finder

References

certvde.com/de/advisories/VDE-2026-030 vendor-advisory

mbconnectline.csaf-tp.certvde.com/.../2026/vde-2026-030.json vendor-advisory

cve.org (CVE-2026-33614)

nvd.nist.gov (CVE-2026-33614)

Download JSON

help @ threatint.eu