CVE-2026-40851
Deferred Deferred - Pending Action
Code Execution via Confusion Attack in cfgparser

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: CERT VDE

Description
A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-27
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-40851
EUVD
EUVD-2026-32150
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
mb_connect_line mbnet 8.4.5
mb_connect_line mbnet_rokey 8.4.5
mb_connect_line mbnet_mini 3.0.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1287 The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-40851 is a command injection vulnerability in MB connect line's mbNET, mbNET.rokey, and mbNET.mini devices. A local attacker with low privileges can exploit this by placing a specially crafted file on a USB stick. When the device's configuration parser (cfgparser) processes this malicious file, it leads to arbitrary code execution.

This vulnerability is caused by improper validation of the input type, classified as CWE-1287.

Compliance Impact

This vulnerability leads to a total loss of confidentiality, integrity, and availability due to arbitrary code execution by a local attacker. Such a compromise can severely impact compliance with common standards and regulations like GDPR and HIPAA, which mandate the protection of sensitive data and system integrity.

Specifically, the loss of confidentiality could result in unauthorized access to personal or protected health information, violating data privacy requirements. The loss of integrity and availability could disrupt critical systems and data reliability, further breaching regulatory obligations.

Impact Analysis

Exploitation of this vulnerability can result in a total loss of confidentiality, integrity, and availability of the affected device.

  • An attacker can execute arbitrary code on the device.
  • Sensitive information on the device can be exposed or altered.
  • The device's normal operation can be disrupted or completely disabled.
Detection Guidance

Detection of this vulnerability involves identifying if the affected devices (mbNET, mbNET.rokey, mbNET.mini) have processed a maliciously crafted file from a USB stick that triggers the cfgparser command injection.

Since the vulnerability is exploited locally via USB, monitoring for unusual or unauthorized USB device connections and scanning for suspicious files on USB storage devices is recommended.

Specific commands to detect exploitation are not provided in the available resources.

Mitigation Strategies

The immediate mitigation step is to update the firmware of the affected devices to the fixed versions: mbNET and mbNET.rokey to version 8.4.5, and mbNET.mini to version 3.0.3.

Additionally, restrict or monitor USB device usage to prevent the introduction of malicious files that could exploit the cfgparser.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40851. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart