CVE-2026-33617
Unauthorized Remote Access to Database Credentials via Config File Exposure
Publication date: 2026-04-02
Last updated on: 2026-04-16
Assigner: CERT VDE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mbconnectline | mbconnect24 | to 2.19.4 (inc) |
| mbconnectline | mymbconnect24 | to 2.19.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an unauthenticated remote attacker to access a configuration file that contains database credentials.
Although the attacker can obtain these credentials, there is no exposed endpoint that allows the attacker to use them directly.
How can this vulnerability impact me? :
The main impact of this vulnerability is a loss of confidentiality because sensitive database credentials can be accessed by an attacker.
However, since there is no endpoint exposed to use these credentials, the attacker cannot directly exploit them to compromise the database or system integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows an unauthenticated remote attacker to access a configuration file containing database credentials, resulting in some loss of confidentiality.
Loss of confidentiality of database credentials could potentially impact compliance with standards and regulations such as GDPR and HIPAA, which require protection of sensitive data and credentials.
However, since there is no endpoint exposed to use these credentials, the immediate risk of data breach or misuse may be limited.