CVE-2026-32968

CRITICAL NVD

CVSS Score 9.8

Severity CRITICAL

Published Mar 23, 2026

Vendor unknown

Description

Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383.

References

https://certvde.com/de/advisories/VDE-2026-024
https://certvde.com/de/advisories/VDE-2026-025