8.6

CVE-2026-10521

Authenticated unintended access to critical program parameters

An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerMB connect line
Produkt mbCONNECT24
Default Statusunaffected
Version 0.0.0
Version < 2.20.2
Status affected
HerstellerMB connect line
Produkt mymbCONNECT24
Default Statusunaffected
Version 0.0.0
Version < 2.20.2
Status affected
HerstellerMB connect line
Produkt mbCONNECT24
Default Statusunaffected
Version 2.20.1
Status affected
HerstellerMB connect line
Produkt mymbCONNECT24
Default Statusunaffected
Version 2.20.1
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.221
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
info@cert.vde.com 8.6 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
info@cert.vde.com 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-425 Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.