CVE-2026-33616NVD

Vulnerability Summary

An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Severity Level

HIGH(7.5)

Published Date

Apr 2, 2026

Last Modified

Apr 16, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.05%Probability

Root Weakness (CWE)

CWE-89: SQL Injection ↗

Improper neutralization of special elements used in an SQL command, allowing attackers to modify queries.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityNone

AvailabilityNone

External References

https://certvde.com/de/advisories/VDE-2026-030
https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json

Critical Alert 3 Active Exploits Detected Today

Critical Alert

CVE Watchtower

CVE-2026-33616NVD

Vulnerability Summary

External References