CVE-2026-33617 | THREATINT

Description

An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials.

PUBLISHED Reserved 2026-03-23 | Published 2026-04-02 | Updated 2026-04-03 | Assigner CERTVDE

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

Product status

Default status

unaffected

0.0.0 (semver)

affected

Default status

unaffected

0.0.0 (semver)

affected

Credits

Moritz Abrell, Christian Zäske from SySS GmbH finder

References

certvde.com/de/advisories/VDE-2026-030 vendor-advisory

mbconnectline.csaf-tp.certvde.com/.../2026/vde-2026-030.json vendor-advisory

cve.org (CVE-2026-33617)

nvd.nist.gov (CVE-2026-33617)

Download JSON

help @ threatint.eu