Cyber Resilience

CVE-2026-33616

Severity: High
Published: 02 April 2026
Modified: 16 April 2026
KEV added: not listed
Patch
CVSS score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS score: 0.0005 (17.2nd percentile)
Risk priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-33616 is a high-severity SQL Injection (CWE-89) vulnerability in Mbconnectline Mbconnect24. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 17.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-33616 is an unauthenticated blind SQL injection vulnerability in the mb24api endpoint, caused by improper neutralization of special elements used in an SQL SELECT command. Published on 2026-04-02, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and maps to CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). The flaw enables a total loss of confidentiality for affected systems.

An unauthenticated remote attacker can exploit the vulnerability over the network with low attack complexity and no privileges or user interaction required. By crafting malicious requests to the mb24api endpoint, the attacker can perform blind SQL injection to infer and extract sensitive data from the underlying database, achieving complete compromise of confidentiality without impacting integrity or availability.

Mitigation guidance is available in related advisories, including CERT VDE's VDE-2026-030 at https://certvde.com/de/advisories/VDE-2026-030 and the corresponding CSAF document at https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json. Security practitioners should consult these for patching instructions and workarounds specific to the mbconnectline products.


Vulnerability details

An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

CWE(s): CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1213.006 Databases (Collection): Adversaries may leverage databases to mine valuable information.
Why these techniques?

Unauthenticated remote SQL injection in the public-facing mb24api endpoint directly enables T1190 for initial access and T1213.006 for extracting data from the database.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-33615 (same product: Mbconnectline Mbconnect24)
CVE-2026-33614 (same product: Mbconnectline Mbconnect24)
CVE-2026-33613 (same product: Mbconnectline Mbconnect24)
CVE-2019-25537 (shared CWE-89)
CVE-2019-25366 (shared CWE-89)
CVE-2019-25496 (shared CWE-89)
CVE-2026-1475 (shared CWE-89)
CVE-2026-26990 (shared CWE-89)
CVE-2026-44047 (shared CWE-89)
CVE-2025-12865 (shared CWE-89)

Affected Assets

mbconnectline mbconnect24, versions ≤ 2.19.4
mbconnectline mymbconnect24, versions ≤ 2.19.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI)

SI-10 Information Input Validation (prevent): Directly prevents SQL injection exploitation by requiring validation and neutralization of special elements in inputs to the mb24api endpoint before they are used in SQL SELECT commands.

SI-2 Flaw Remediation (prevent): Ensures timely identification, reporting, and patching of the specific blind SQL injection flaw in the mb24api endpoint as detailed in the advisories.

Vulnerability scanning (detect / respond): Facilitates vulnerability scanning to identify SQL injection flaws like CVE-2026-33616 in the mb24api endpoint for subsequent remediation.
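The following is an added illustration of the CWE-89 pattern described in the deeper analysis and of what the SI-10 control above means in code. It is not code from the advisory or from the mbconnect24 product (the page does not show the mb24api internals); the `devices` table, its columns, the sample rows and the probe string are all constructed for the demo, and the in-memory SQLite database stands in for the real backend.

```python
"""Added example: a SELECT built from caller-controlled text (CWE-89) next to
two hardened variants. Illustrative only; not the mb24api source."""
import re
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory database standing in for the product backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE devices (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO devices (name, secret) VALUES (?, ?)",
        [("router-1", "s3cret-a"), ("router-2", "s3cret-b")],  # constructed rows
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Improper neutralization: the request value is spliced into the SQL text,
    so quote characters in it change the statement's structure."""
    sql = f"SELECT id, name FROM devices WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Fix 1: bind the value as a parameter. The driver sends it as data, so it
    can only ever be compared as a literal string, never parsed as SQL."""
    sql = "SELECT id, name FROM devices WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def lookup_hardened(conn: sqlite3.Connection, name: str) -> list:
    """Fix 2 (SI-10 style): allow-list validation in front of the bound query.
    Rejecting anything outside the expected character set gives a clean audit
    event for probes and keeps odd input away from the database entirely."""
    if not re.fullmatch(r"[A-Za-z0-9_.-]{1,64}", name):
        raise ValueError("rejected: device name outside the allowed character set")
    return lookup_parameterized(conn, name)


def demo() -> dict:
    """Run the same constructed probe string through all three lookups."""
    conn = make_demo_db()
    # Constructed boolean tautology used only to show the structural difference;
    # the vulnerable query's WHERE clause becomes always-true.
    probe = "x' OR '1'='1"
    result = {
        "vuln_rows": len(lookup_vulnerable(conn, probe)),
        "param_rows": len(lookup_parameterized(conn, probe)),
        "hardened_rejected": False,
    }
    try:
        lookup_hardened(conn, probe)
    except ValueError:
        result["hardened_rejected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

With the constructed rows, the vulnerable lookup returns both devices for the probe string because the injected quote turns the predicate into a tautology, the parameterized lookup returns none (the whole string is compared as a literal name), and the hardened lookup rejects it before any query runs. Parameter binding alone closes the CWE-89 hole; the allow-list is defense in depth and a convenient place to emit the detection signal a SOC would want for this endpoint.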
