CVE-2026-32968

Summary

Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383.

Affected Software

VendorProductVersion RangeStatus
MB connect lineMB connect line mbCONNECT240.0.0 <= 2.19.3affected
MB connect linemymbCONNECT240.0.0 <= 2.19.3affected
HelmholzmyREX24V20.0.0 <= 2.19.3affected
HelmholzmyREX24V2.virtual0.0.0 <= 2.19.3affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References