CVE-2026-40851

Summary

A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability.

Affected Software

VendorProductVersion RangeStatus
MB connect linembNET/mbNET.rokey0.0.0 <= 8.4.4affected
MB connect linembNET.mini0.0.0 <= 3.0.2affected
MB connect linembNET/mbNET.rokey8.4.4affected
MB connect linembNET.mini3.0.2affected
HelmholzREX200/2500.0.0 <= 8.4.4affected
HelmholzREX1000.0.0 <= 3.0.2affected
HelmholzREX200/2508.4.4affected
HelmholzREX1003.0.2affected

Weaknesses

  • CWE-1287: CWE-1287 Improper Validation of Specified Type of Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References