
MB connect line — Vulnerabilities & Security Advisories 81

Browse all 81 CVE security advisories affecting MB connect line. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MB connect line is a software platform primarily utilized for managing and exchanging electronic documents, including invoices and orders, within business-to-business environments. Security audits have identified thirty-eight Common Vulnerabilities and Exposures (CVEs) associated with the system, indicating a significant historical attack surface. The most prevalent vulnerability classes include remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from inadequate input validation and improper access controls in earlier versions. These defects have allowed attackers to potentially compromise system integrity or access sensitive financial data. While recent updates have addressed many of these issues, the high volume of recorded CVEs suggests a need for rigorous patch management. Organizations deploying this solution must prioritize regular security assessments and ensure all components are updated to mitigate known risks effectively.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-10521 | Authenticated unintended access to critical program parameters — mbCONNECT24 | CWE-425 | 7.2 | High | 2026-06-23 |
| CVE-2026-40852 | Command injection via malicious configuration — mbNET/mbNET.rokey | CWE-78 | 7.2 | High | 2026-05-27 |
| CVE-2026-40851 | Command injection via USB — mbNET/mbNET.rokey | CWE-1287 | 8.4 | High | 2026-05-27 |
| CVE-2026-40850 | Unauthenticated SQLi in getAccountData function — mbCONNECT24 | CWE-89 | 7.5 | High | 2026-05-27 |
| CVE-2026-40849 | Authenticated SQLi in user_alarmprofile view — mbCONNECT24 | CWE-89 | 6.5 | Medium | 2026-05-27 |
| CVE-2026-40848 | Authenticated SQLi in tag view — mbCONNECT24 | CWE-89 | 6.5 | Medium | 2026-05-27 |
| CVE-2026-40847 | Authenticated SQLi in system_tag view — mbCONNECT24 | CWE-89 | 6.5 | Medium | 2026-05-27 |
| CVE-2026-40846 | Authenticated SQLi in system view — mbCONNECT24 | CWE-89 | 6.5 | Medium | 2026-05-27 |
| CVE-2026-40845 | Authenticated SQLi in devices_configuration view — mbCONNECT24 | CWE-89 | 6.5 | Medium | 2026-05-27 |
| CVE-2026-40844 | Authenticated SQLi in dashboard view — mbCONNECT24 | CWE-89 | 6.5 | Medium | 2026-05-27 |
| CVE-2026-40843 | Authenticated SQLi in alarming view — mbCONNECT24 | CWE-89 | 6.5 | Medium | 2026-05-27 |
| CVE-2026-40842 | Authenticated SQLi in getWidgetTags function — mbCONNECT24 | CWE-89 | 6.5 | Medium | 2026-05-27 |
| CVE-2026-40841 | Authenticated SQLi in getProjectTags function — mbCONNECT24 | CWE-89 | 6.5 | Medium | 2026-05-27 |
| CVE-2026-40840 | Authenticated SQLi in VerifyCreateLicences function — mbCONNECT24 | CWE-89 | 6.5 | Medium | 2026-05-27 |
| CVE-2026-40839 | Authenticated SQLi in getComponentScalings function — mbCONNECT24 | CWE-89 | 6.5 | Medium | 2026-05-27 |
| CVE-2026-40838 | Authenticated SQLi in getDeviceScalings function — mbCONNECT24 | CWE-89 | 6.5 | Medium | 2026-05-27 |
| CVE-2026-40837 | Authenticated SQLi in getProjectScalings function — mbCONNECT24 | CWE-89 | 6.5 | Medium | 2026-05-27 |
| CVE-2026-40836 | Authenticated SQLi in inmessage model — mbCONNECT24 | CWE-89 | 7.1 | High | 2026-05-27 |
| CVE-2026-40835 | Authenticated SQLi in saveObjectFromData function — mbCONNECT24 | CWE-89 | 6.5 | Medium | 2026-05-27 |
| CVE-2026-40834 | Authenticated SQLi in saveDashboardLayout function — mbCONNECT24 | CWE-89 | 7.1 | High | 2026-05-27 |
| CVE-2026-40833 | Authenticated SQLi in saveDashboardLayout function — mbCONNECT24 | CWE-89 | 7.1 | High | 2026-05-27 |
| CVE-2026-40832 | Authenticated SQLi in getDevicegroups function — mbCONNECT24 | CWE-89 | 6.5 | Medium | 2026-05-27 |
| CVE-2026-40831 | Authenticated SQLi in Easy View — mbCONNECT24 | CWE-89 | 6.5 | Medium | 2026-05-27 |
| CVE-2026-40830 | Authenticated SQLi in UpdateParam function — mbCONNECT24 | CWE-89 | 5.5 | Medium | 2026-05-27 |
| CVE-2026-40829 | Authenticated SQLi in UpdateParam function — mbCONNECT24 | CWE-89 | 5.5 | Medium | 2026-05-27 |
| CVE-2026-40828 | Authenticated SQLi in DeleteSysLogEntry function — mbCONNECT24 | CWE-89 | 5.5 | Medium | 2026-05-27 |
| CVE-2026-40827 | Authenticated SQLi in _RemoveRequest function — mbCONNECT24 | CWE-89 | 5.5 | Medium | 2026-05-27 |
| CVE-2026-40826 | Authenticated SQLi in dsgvo_contracts view — mbCONNECT24 | CWE-89 | 4.9 | Medium | 2026-05-27 |
| CVE-2026-40825 | Authenticated SQLi in accountstatus view — mbCONNECT24 | CWE-89 | 5.5 | Medium | 2026-05-27 |
| CVE-2026-40824 | Authenticated SQLi in accountstatus view — mbCONNECT24 | CWE-89 | 5.5 | Medium | 2026-05-27 |

This page lists every published CVE security advisory associated with MB connect line. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.