This vulnerability (CVE-2026-40811) affects the mbCONNECT24 product from MB connect line. It is caused by improper neutralization of special elements in an SQL SELECT command in the ssoabstractservice, enabling unauthenticated remote attackers to perform SQL Injection attacks. The CVSS 4.0 base score is 8.7, reflecting high severity with network attack vector, no required privileges or user interaction, and high confidentiality impact. No official patch or remediation guidance is currently available, and the product is not a cloud service, so remediation depends on vendor updates.

An unauthenticated attacker can exploit this SQL Injection vulnerability remotely to gain unauthorized access to sensitive data, resulting in a total loss of confidentiality. No known exploits in the wild have been reported yet. The vulnerability affects all versions listed (0.0.0 as placeholder), indicating potentially broad impact on affected deployments.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict network access to the affected service and monitor for suspicious activity related to SQL Injection attempts. Avoid exposing the ssoabstractservice to untrusted networks. Follow vendor communications closely for updates on patches or mitigations.