CVE-2026-33616: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in MB connect line mbCONNECT24
CVE-2026-33616 is a high-severity unauthenticated blind SQL Injection vulnerability in the mb24api endpoint of MB connect line's mbCONNECT24 product. The flaw arises from improper neutralization of special elements in an SQL SELECT command, allowing remote attackers to extract sensitive data without authentication or user interaction. Exploitation can lead to a total loss of confidentiality, though integrity and availability are not impacted. The vulnerability has a CVSS score of 7.5, reflecting its ease of remote exploitation and significant confidentiality impact. No known exploits are currently reported in the wild, and no patches have been published yet. Organizations using mbCONNECT24 should prioritize monitoring and implement compensating controls to mitigate data exposure risks. Countries with significant industrial automation and remote connectivity deployments of mbCONNECT24 are most at risk.
AI Analysis
Technical Summary
CVE-2026-33616 identifies a blind SQL Injection vulnerability in the mb24api endpoint of the mbCONNECT24 product by MB connect line. This vulnerability stems from improper neutralization of special characters in an SQL SELECT command, classified under CWE-89. The flaw allows an unauthenticated remote attacker to inject malicious SQL payloads into the API endpoint, enabling extraction of sensitive database information without requiring authentication or user interaction. The attack is blind, meaning the attacker infers data through response behavior rather than direct output, complicating but not preventing exploitation. The vulnerability affects version 0.0.0 of mbCONNECT24, with no patches currently available. The CVSS v3.1 base score is 7.5, with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, and high confidentiality impact without integrity or availability impact. Although no known exploits are reported in the wild, the vulnerability poses a serious risk due to the sensitive nature of data managed by mbCONNECT24, which is used for remote monitoring and management in industrial automation environments. The improper input validation in the SQL command allows attackers to bypass authentication and access confidential information stored in backend databases, potentially exposing sensitive operational data or credentials. The lack of patches necessitates immediate attention to mitigate risk.
Potential Impact
The primary impact of CVE-2026-33616 is a total loss of confidentiality for organizations using mbCONNECT24, as attackers can remotely extract sensitive data from backend databases without authentication. This can lead to exposure of critical operational data, intellectual property, or user credentials, which could facilitate further attacks or industrial espionage. Since mbCONNECT24 is used in industrial automation and remote device management, compromised confidentiality could disrupt trust in operational technology environments and lead to regulatory compliance issues. Although integrity and availability are not directly affected, the confidentiality breach alone can have severe consequences including reputational damage, financial loss, and potential safety risks if sensitive control data is exposed. The ease of exploitation (no authentication or user interaction required) increases the likelihood of attacks, especially in environments with internet-exposed mbCONNECT24 instances. Organizations worldwide relying on this product for remote connectivity are at risk of data breaches and must act swiftly to protect their environments.
Mitigation Recommendations
Given the absence of an official patch, organizations should implement immediate compensating controls. First, restrict network access to the mb24api endpoint by implementing strict firewall rules and network segmentation to limit exposure to trusted IP addresses only. Employ Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection payloads targeting the mb24api endpoint. Conduct thorough input validation and sanitization on any custom integrations or proxies interacting with mbCONNECT24 to prevent injection attempts. Monitor logs for unusual query patterns or repeated failed requests indicative of blind SQL injection attempts. If possible, deploy intrusion detection/prevention systems (IDS/IPS) tuned to detect SQL injection signatures. Engage with MB connect line for updates and patches, and plan for rapid deployment once available. Additionally, review and minimize the amount of sensitive data stored in backend databases accessible via mb24api to reduce potential exposure. Regularly audit and update credentials and access controls associated with mbCONNECT24 deployments to limit damage scope in case of compromise.
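The log-monitoring recommendation above, as an added example (not part of the original advisory and not MB connect line's code): it counts, per source address, requests to the mb24api endpoint that carry SQL metacharacters or keywords, and requests that fail. The logging reverse proxy, the combined log format, the `item` parameter and the threshold of 3 are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Assumptions (not from the advisory): a reverse proxy in front of mbCONNECT24
# writes combined-format access logs, and the API URL contains "mb24api".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<url>\S+) [^"]*" (?P<status>\d{3}) ')
# Characters and keywords that have no place in a normal API parameter.
SQLI_RE = re.compile(
    r"""['"]|--|/\*|\b(union|select|sleep|benchmark|waitfor|substr(ing)?|ascii)\b""",
    re.I)

def scan(lines, min_hits=3):
    """Per-source counts for mb24api requests; returns only sources worth triage."""
    stats = defaultdict(lambda: {"requests": 0, "suspicious": 0, "errors": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or "mb24api" not in m["url"].lower():
            continue
        s = stats[m["ip"]]
        s["requests"] += 1
        # Decode twice so double-encoded input (%2527) is still inspected.
        if SQLI_RE.search(unquote_plus(unquote_plus(m["url"]))):
            s["suspicious"] += 1
        if m["status"][0] in "45":
            s["errors"] += 1
    # Blind injection needs many requests, so repetition is the signal.
    return {ip: s for ip, s in stats.items()
            if s["suspicious"] >= min_hits or s["errors"] >= min_hits}

def _line(ip, url, status):  # builds one constructed combined-format log line
    return f'{ip} - - [02/Apr/2026:10:00:00 +0000] "GET {url} HTTP/1.1" {status} 512'

# Constructed sample log; the "item" parameter is hypothetical.
SAMPLE = [
    _line("203.0.113.7", "/mb24api?item=1%27%20OR%20%271%27%3D%271", 200),
    _line("203.0.113.7", "/mb24api?item=1%2527%20AND%20SLEEP(3)--%20", 200),
    _line("203.0.113.7", "/mb24api?item=1+UNION+SELECT+NULL", 500),
    *([_line("198.51.100.20", "/mb24api?item=abc", 500)] * 3),
    _line("192.0.2.10", "/mb24api?item=42", 200),
    _line("192.0.2.10", "/other?q=%27", 200),  # different path: ignored
]

if __name__ == "__main__":
    for ip, s in scan(SAMPLE).items():
        print(ip, s)
```

Access logs normally record only the URL, so parameters sent in a request body are invisible to this check and need inspection at the proxy or WAF instead.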
Affected Countries
Germany, United States, China, Japan, South Korea, France, United Kingdom, Italy, Canada, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: CERTVDE
- Date Reserved: 2026-03-23T13:15:49.382Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69ce74d2e6bfc5ba1ddd16d4
Added to database: 4/2/2026, 1:53:22 PM
Last enriched: 4/2/2026, 2:08:14 PM
Last updated: 4/2/2026, 4:33:27 PM