CVE-2026-40851
Code Execution via Confusion Attack in cfgparser
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: CERT VDE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mb_connect_line | mbnet | 8.4.5 |
| mb_connect_line | mbnet_rokey | 8.4.5 |
| mb_connect_line | mbnet_mini | 3.0.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1287 | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-40851 is a command injection vulnerability in MB connect line's mbNET, mbNET.rokey, and mbNET.mini devices. A local attacker with low privileges can exploit this by placing a specially crafted file on a USB stick. When the device's configuration parser (cfgparser) processes this malicious file, it leads to arbitrary code execution.
This vulnerability is caused by improper validation of the input type, classified as CWE-1287.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability leads to a total loss of confidentiality, integrity, and availability due to arbitrary code execution by a local attacker. Such a compromise can severely impact compliance with common standards and regulations like GDPR and HIPAA, which mandate the protection of sensitive data and system integrity.
Specifically, the loss of confidentiality could result in unauthorized access to personal or protected health information, violating data privacy requirements. The loss of integrity and availability could disrupt critical systems and data reliability, further breaching regulatory obligations.
How can this vulnerability impact me? :
Exploitation of this vulnerability can result in a total loss of confidentiality, integrity, and availability of the affected device.
- An attacker can execute arbitrary code on the device.
- Sensitive information on the device can be exposed or altered.
- The device's normal operation can be disrupted or completely disabled.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying if the affected devices (mbNET, mbNET.rokey, mbNET.mini) have processed a maliciously crafted file from a USB stick that triggers the cfgparser command injection.
Since the vulnerability is exploited locally via USB, monitoring for unusual or unauthorized USB device connections and scanning for suspicious files on USB storage devices is recommended.
Specific commands to detect exploitation are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the firmware of the affected devices to the fixed versions: mbNET and mbNET.rokey to version 8.4.5, and mbNET.mini to version 3.0.3.
Additionally, restrict or monitor USB device usage to prevent the introduction of malicious files that could exploit the cfgparser.