CVE-2026-10521
HIGHMB connect line mbCONNECT24 - Authenticated Unintended Access to Critical Program Parameters
Title source: ruleDescription
An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability.
References (1)
Core 1
Core References
Scores
CVSS v3
7.2
EPSS
0.0031
EPSS Percentile
22.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-425
Status
published
Products (4)
MB connect line/mbCONNECT24
0.0.0 - 2.20.2
MB connect line/mbCONNECT24
2.20.1
MB connect line/mymbCONNECT24
0.0.0 - 2.20.2
MB connect line/mymbCONNECT24
2.20.1
Published
Jun 23, 2026
Tracked Since
Jun 23, 2026