Description
An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-03-23
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Data confidentiality loss due to unauthenticated blind SQL injection
Action: Immediate Patch
AI Analysis

Impact

A blind SQL injection flaw exists in the userinfo endpoint’s authentication logic. The vulnerability arises because special characters are not properly escaped in a SELECT statement, allowing an attacker to send crafted inputs that are executed by the database. Because the endpoint can be accessed without authentication, an attacker can reveal private data that should remain confidential.

Affected Systems

Installed units of Helmholz myREX24V2 and myREX24V2.virtual, and MB connect line devices using mbCONNECT24 or mymbCONNECT24, are potentially affected. No particular version ranges are specified, so all currently deployed copies should be considered at risk.

Risk and Exploitability

The reported CVSS score of 7.5 indicates a high severity risk. While detailed likelihood metrics are not available, the flaw can be triggered remotely without credentials, making exploitation straightforward for an attacker. Successful exploitation would provide the attacker with access to sensitive information stored in the backend database. The vulnerability is not catalogued in the major known-exploited-vulnerabilities registry, but its high impact warrants prompt attention.

Generated by OpenCVE AI on March 23, 2026 at 13:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch or upgrade to a fixed version of the affected Helmholz or MB connect line products
  • If a patch is not yet available, restrict or block traffic to the userinfo endpoint to deny unauthenticated requests
  • Monitor system logs for abnormal authentication attempts or patterns that may indicate exploitation attempts
  • Refer to the vendor advisories for update timelines and additional guidance

Generated by OpenCVE AI on March 23, 2026 at 13:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Helmholz
Helmholz myrex24.virtual
Helmholz myrex24 V2
Mbconnectline
Mbconnectline mbconnect24
Mbconnectline mymbconnect24
Vendors & Products Helmholz
Helmholz myrex24.virtual
Helmholz myrex24 V2
Mbconnectline
Mbconnectline mbconnect24
Mbconnectline mymbconnect24

Mon, 23 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 11:45:00 +0000

Type Values Removed Values Added
Description An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoint’s authentication method due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Title Pre-Auth Blind SQLi in userinfo Endpoint
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Helmholz Myrex24.virtual Myrex24 V2
Mbconnectline Mbconnect24 Mymbconnect24
cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2026-03-23T16:01:30.953Z

Reserved: 2026-03-17T09:55:21.859Z

Link: CVE-2026-32969

cve-icon Vulnrichment

Updated: 2026-03-23T16:01:22.270Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-23T12:16:09.090

Modified: 2026-03-23T14:31:37.267

Link: CVE-2026-32969

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:49:18Z

Weaknesses