CVE-2026-33615 - Vulnerability Analysis
Critical | CVSS: 9.1 | Last Updated: April 2, 2026
Unspecified Product - SQL Injection
Published: April 2, 2026 | Updated: April 2, 2026 | Remote Exploitable
Overview
An unspecified vendor product contains an SQL injection vulnerability caused by improper neutralization of special elements in a SQL UPDATE command at the setinfo endpoint, allowing unauthenticated remote attackers to modify data and cause denial of service.
Severity & Score
Severity: Critical
CVSS Score: 9.1
Impact
Unauthenticated remote attackers can modify data and cause denial of service, leading to total loss of integrity and availability.
Mitigation
Update to the latest version that contains the fix.
Details
- CVE ID: CVE-2026-33615
- Severity: Critical
- CVSS Score: 9.1
- Type: sql_injection
- Status: new
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H