CVE-2026-40818
HIGH
NVD
CVSS Score
7.5
Severity
HIGH
Published
May 27, 2026
Vendor
unknown
Description
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24confi_getDevice function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.