CVE-2026-40852 - Vulnerability Details

- Command injection via malicious configuration

Description

A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it to an system execute leading to code execution. This can result in a total loss of confidentiality, integrity and availability.

Published: 2026-05-27

Score: 7.2 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A highly authenticated attacker can alter the configuration generator by injecting a payload, which the device then passes to the operating system’s execute command without proper validation. This flaw allows the attacker to execute arbitrary code on the device, potentially resulting in total loss of confidentiality, integrity, and availability.

Affected Systems

Helmholz REX100, Helmholz REX200/250, MB connect line mbNET.mini, MB connect line mbNET/mbNET.rokey. The affected firmware versions noted in the CPEs are Helmholz REX100 3.0.2, REX200/250 8.4.4, mbNET.mini 3.0.2, and mbNET 8.4.4.

Risk and Exploitability

The CVSS score of 7.2 marks the issue as high severity. The EPSS score is not available, and the vulnerability is not listed in CISA KEV. The attack vector is inferred to require authenticated access to the device, as the description refers to a 'highly authenticated attacker.' Once authenticated, the attacker can modify the configuration generator, leading to system command execution and full compromise of the affected device.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

MB connect line

mbNET/mbNET.rokey

unaffected

Version	Status	Constraints
`0.0.0`	affected	≤ 8.4.4

MB connect line

mbNET.mini

unaffected

Version	Status	Constraints
`0.0.0`	affected	≤ 3.0.2

MB connect line

mbNET/mbNET.rokey

unaffected

Version	Status	Constraints
`8.4.4`	affected	—

MB connect line

mbNET.mini

unaffected

Version	Status	Constraints
`3.0.2`	affected	—

Helmholz

REX200/250

unaffected

Version	Status	Constraints
`0.0.0`	affected	≤ 8.4.4

Helmholz

REX100

unaffected

Version	Status	Constraints
`0.0.0`	affected	≤ 3.0.2

Helmholz

REX200/250

unaffected

Version	Status	Constraints
`8.4.4`	affected	—

Helmholz

REX100

unaffected

Version	Status	Constraints
`3.0.2`	affected	—

No data.

Vendor Product Confidence Versions

Helmholz

Rex100

95%

Version	Status	Scheme	Platform
`[0.0.0,3.0.2]`	affected	semver	—
`3.0.2`	affected	semver	—

Helmholz

Rex100

100%

Version	Status	Scheme	Platform
`[0.0.0,3.0.2]`	affected	semver	—

Helmholz

Rex100

100%

Version	Status	Scheme	Platform
`3.0.2`	affected	semver	—

Helmholz

Rex200 250

95%

Version	Status	Scheme	Platform
`[0.0.0,8.4.4]`	affected	semver	—
`8.4.4`	affected	semver	—

Helmholz

Rex200 250

100%

Version	Status	Scheme	Platform
`[0.0.0,8.4.4]`	affected	semver	—

Helmholz

Rex200 250

100%

Version	Status	Scheme	Platform
`8.4.4`	affected	semver	—

Mb Connect Line

Mbnet.mini

95%

Version	Status	Scheme	Platform
`[0.0.0,3.0.2]`	affected	semver	—
`3.0.2`	affected	semver	—

Mb Connect Line

Mbnet.mini

100%

Version	Status	Scheme	Platform
`[0.0.0,3.0.2]`	affected	semver	—

Mb Connect Line

Mbnet.mini

100%

Version	Status	Scheme	Platform
`3.0.2`	affected	semver	—

Mb Connect Line

Mbnet Mbnet.rokey

95%

Version	Status	Scheme	Platform
`[0.0.0,8.4.4]`	affected	semver	—
`8.4.4`	affected	semver	—

Mb Connect Line

Mbnet Mbnet.rokey

100%

Version	Status	Scheme	Platform
`[0.0.0,8.4.4]`	affected	semver	—

Mb Connect Line

Mbnet Mbnet.rokey

100%

Version	Status	Scheme	Platform
`8.4.4`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check the vendor’s release notes for a firmware update that includes the configuration validation fix and upgrade the device to that version as soon as it is available.
Restrict the configuration generator’s access to only the minimum set of users required and disable remote configuration capabilities if they are not necessary.
Ensure that any user‑supplied configuration values are validated or sanitized before they are passed to system execute calls to prevent unintended code execution.

Generated by OpenCVE AI on May 27, 2026 at 10:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00072.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://www.certvde.com/en/advisories/VDE-2026-054/

History

Wed, 27 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 27 May 2026 09:00:00 +0000

Type	Values Removed	Values Added
Description		A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it to an system execute leading to code execution. This can result in a total loss of confidentiality, integrity and availability.
Title		Command injection via malicious configuration
First Time appeared		Helmholz Helmholz rex100 Helmholz rex200 250 Mb Connect Line Mb Connect Line mbnet Mb Connect Line mbnet.mini Mb Connect Line mbnet Mbnet.rokey
Weaknesses		CWE-78
CPEs		cpe:2.3:a:helmholz:rex100:::::::: cpe:2.3:a:helmholz:rex200_250:::::::: cpe:2.3:a:mb_connect_line:mbnet.mini:::::::: cpe:2.3:a:mb_connect_line:mbnet_mbnet.rokey:::::::: cpe:2.3:o:helmholz:rex100:3.0.2:::::::* cpe:2.3:o:helmholz:rex200_250:8.4.4:::::::* cpe:2.3:o:mb_connect_line:mbnet.mini:3.0.2:::::::* cpe:2.3:o:mb_connect_line:mbnet:8.4.4:::::::*
Vendors & Products		Helmholz Helmholz rex100 Helmholz rex200 250 Mb Connect Line Mb Connect Line mbnet Mb Connect Line mbnet.mini Mb Connect Line mbnet Mbnet.rokey
References		https://www.certvde.com/en/advisories/VDE-2026-054/
Metrics		cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

Subscriptions

Helmholz Rex100 Rex200 250

Mb Connect Line Mbnet Mbnet.mini Mbnet Mbnet.rokey

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2026-05-27T08:06:36.875Z

Updated: 2026-05-27T11:54:17.274Z

Reserved: 2026-04-15T09:33:02.614Z

Link: CVE-2026-40852

Vulnrichment

Updated: 2026-05-27T11:54:11.890Z

NVD

Status : Received

Published: 2026-05-27T09:16:31.817

Modified: 2026-05-27T09:16:31.817

Link: CVE-2026-40852

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T12:30:25Z

Weaknesses

CWE-78

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object