Cyber Posture

CVE-2026-33616

Severity: High
Published: 02 April 2026
Modified: 16 April 2026
KEV Added: not listed
Patch: see advisory VDE-2026-030 (linked under Deeper analysis)
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0005 (16.1th percentile)
Risk Priority: 15 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-33616 is a high-severity SQL Injection (CWE-89) vulnerability in Mbconnectline Mbconnect24. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS ranks at the 16.1th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one other technique, Databases (T1213.006). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Directly prevents SQL injection exploitation by requiring validation and neutralization of special elements in inputs to the mb24api endpoint before they are used in SQL SELECT commands.

SI-2 Flaw Remediation (prevent)
Ensures timely identification, reporting, and patching of the specific blind SQL injection flaw in the mb24api endpoint, as detailed in the advisories.

Vulnerability scanning (detect / respond)
Facilitates vulnerability scanning to identify SQL injection flaws like CVE-2026-33616 in the mb24api endpoint for subsequent remediation.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1213.006 Databases (Collection)
Adversaries may leverage databases to mine valuable information.

Why these techniques?

The unauthenticated remote SQL injection in the public-facing mb24api endpoint directly enables T1190 for initial access and T1213.006 for extracting data from the database.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Deeper analysis

CVE-2026-33616 is an unauthenticated blind SQL injection vulnerability in the mb24api endpoint, caused by improper neutralization of special elements used in an SQL SELECT command. Published on 2026-04-02, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and maps to CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). The flaw enables a total loss of confidentiality for affected systems.

An unauthenticated remote attacker can exploit the vulnerability over the network with low attack complexity and no privileges or user interaction required. By crafting malicious requests to the mb24api endpoint, the attacker can perform blind SQL injection to infer and extract sensitive data from the underlying database, achieving complete compromise of confidentiality without impacting integrity or availability.

Mitigation guidance is available in related advisories, including CERT VDE's VDE-2026-030 at https://certvde.com/de/advisories/VDE-2026-030 and the corresponding CSAF document at https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json. Security practitioners should consult these for patching instructions and workarounds specific to the mbconnectline environment.

Details

CWE(s): CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected Products

mbconnectline mbconnect24, versions ≤ 2.19.4
mbconnectline mymbconnect24, versions ≤ 2.19.4

CVEs Like This One

CVE-2026-33614: same product (Mbconnectline Mbconnect24)
CVE-2026-33615: same product (Mbconnectline Mbconnect24)
CVE-2026-33613: same product (Mbconnectline Mbconnect24)
CVE-2026-23492: shared CWE-89
CVE-2019-25541: shared CWE-89
CVE-2025-25116: shared CWE-89
CVE-2025-52025: shared CWE-89
CVE-2025-56316: shared CWE-89
CVE-2026-0702: shared CWE-89
CVE-2025-67146: shared CWE-89
