CVE-2026-40829— Authenticated SQLi in UpdateParam function
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 8
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Helmholz | myREX24V2 | 0.0.0≤ 2.20.0 | affected |
2.20.0 | affected | ||
| Helmholz | myREX24V2.virtual | 0.0.0≤ 2.20.0 | affected |
2.20.0 | affected | ||
| MB connect line | mbCONNECT24 | 0.0.0≤ 2.20.0 | affected |
2.20.0 | affected | ||
| MB connect line | mymbCONNECT24 | 0.0.0≤ 2.20.0 | affected |
2.20.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-40829
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authenticated SQLi in UpdateParam function
Source: NVD (National Vulnerability Database)
Vulnerability Description
A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can result in a total loss of confidentiality and some loss of integrity.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24都是德国MB Connect Line公司的产品。MB Connect Line mbCONNECT24是一套远程服务门户网站。该产品支持远程接入、数据记录和报警等功能。MB Connect Line mymbCONNECT24是一款适用于虚拟环境的内部远程维护解决方案。 MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24存在SQ
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| MB connect line | mbCONNECT24 | 0.0.0 ~ 2.20.0 | - | |
| MB connect line | mymbCONNECT24 | 0.0.0 ~ 2.20.0 | - | |
| MB connect line | mbCONNECT24 | 2.20.0 | - | |
| MB connect line | mymbCONNECT24 | 2.20.0 | - | |
| Helmholz | myREX24V2 | 0.0.0 ~ 2.20.0 | - | |
| Helmholz | myREX24V2.virtual | 0.0.0 ~ 2.20.0 | - | |
| Helmholz | myREX24V2 | 2.20.0 | - | |
| Helmholz | myREX24V2.virtual | 2.20.0 | - |
II. Public POCs for CVE-2026-40829
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-40829
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-40829 (1)
Same Patch Batch · MB connect line · 2026-05-27 · 42 CVEs total
| CVE-2026-40851 | 8.4 HIGH | Command injection via USB |
| CVE-2026-40810 | 7.5 HIGH | Unauthenticated SQLi in userinfo Endpoint |
| CVE-2026-40850 | 7.5 HIGH | Unauthenticated SQLi in getAccountData function |
| CVE-2026-40816 | 7.5 HIGH | Unauthenticated SQLi in _mb24confi_getTagAlarm function |
| CVE-2026-40812 | 7.5 HIGH | Unauthenticated SQLi in getLiveValues function |
| CVE-2026-40811 | 7.5 HIGH | Unauthenticated SQLi in ssoabstractservice |
| CVE-2026-40813 | 7.5 HIGH | Unauthenticated SQLi in getLiveValues |
| CVE-2026-40818 | 7.5 HIGH | Unauthenticated SQLi in _mb24confi_getDevice function function |
| CVE-2026-40814 | 7.5 HIGH | Unauthenticated SQLi in _mb24confi_getTagAlarm function |
| CVE-2026-40817 | 7.5 HIGH | Unauthenticated SQLi in getAlarmProfiles function |
| CVE-2026-40819 | 7.5 HIGH | Unauthenticated SQLi in sync_data24 task |
| CVE-2026-40815 | 7.5 HIGH | Unauthenticated SQLi in _mb24api_getUserAccount function |
| CVE-2026-40852 | 7.2 HIGH | Command injection via malicious configuration |
| CVE-2026-40833 | 7.1 HIGH | Authenticated SQLi in saveDashboardLayout function |
| CVE-2026-40836 | 7.1 HIGH | Authenticated SQLi in inmessage model |
| CVE-2026-40834 | 7.1 HIGH | Authenticated SQLi in saveDashboardLayout function |
| CVE-2026-40849 | 6.5 MEDIUM | Authenticated SQLi in user_alarmprofile view |
| CVE-2026-40832 | 6.5 MEDIUM | Authenticated SQLi in getDevicegroups function |
| CVE-2026-40839 | 6.5 MEDIUM | Authenticated SQLi in getComponentScalings function |
| CVE-2026-40841 | 6.5 MEDIUM | Authenticated SQLi in getProjectTags function |
Showing top 20 of 42 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same weakness: CWE-89
- CVE-2026-10606
DedeCMS Feedback feedback.php TrimMsg sql injection - CVE-2026-42684
WordPress WP Job Portal plugin <= 2.5.1 - SQL Injection vuln - CVE-2026-10568
itsourcecode Fees Management System manage_payment.php sql i - CVE-2026-10302
itsourcecode Fees Management System manage_fee.php sql injec - CVE-2026-25879
Langroid has Prompt to SQL Injection, Leading to RCE
V. Comments for CVE-2026-40829
No comments yet