CVE-2026-40815
HIGH
NVD
CVSS Score
7.5
Severity
HIGH
Published
May 27, 2026
Vendor
unknown
Description
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24api_getUserAccount function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.