CVE-2026-33615

Received Received - Intake

Unauthenticated SQL Injection in setinfo Endpoint Causes Data Loss

Publication date: 2026-04-02

Last updated on: 2026-04-16

Assigner: CERT VDE

Description

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-04-02

Last Modified

2026-04-16

Generated

2026-06-16

AI Q&A

2026-04-02

EPSS Evaluated

2026-06-15

NVD

CVE-2026-33615

EUVD

EUVD-2026-18176

Affected Vendors & Products

Vendor	Product	Version / Range
mbconnectline	mbconnect24	to 2.19.4 (inc)
mbconnectline	mymbconnect24	to 2.19.4 (inc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-89	The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CWE ID

Description

CWE-89

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

Executive Summary

This vulnerability is an unauthenticated SQL Injection in the setinfo endpoint. It occurs because special elements in a SQL UPDATE command are not properly neutralized, allowing a remote attacker to exploit it without authentication.

Impact Analysis

Exploitation of this vulnerability can lead to a total loss of data integrity and availability, meaning attackers can alter or disrupt the system's data and services.

Hi! I’m here to help you understand CVE-2026-33615. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-33615

Unauthenticated SQL Injection in setinfo Endpoint Causes Data Loss

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart