CVE-2026-40852 PUBLISHED

Command injection via malicious configuration

Assigner: CERTVDE
Reserved: 15.04.2026 Published: 27.05.2026 Updated: 27.05.2026

A highly privileged, authenticated attacker can alter the config generator to inject a payload into configurations created in the future. The device does not correctly check this configuration value before passing it to a system execute call, leading to code execution. This can result in a total loss of confidentiality, integrity and availability.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 7.2

Product Status

Vendor: MB connect line
Product: mbNET/mbNET.rokey
Versions: Default: unaffected
  • affected from 0.0.0 to 8.4.4 (incl.)

Vendor: MB connect line
Product: mbNET.mini
Versions: Default: unaffected
  • affected from 0.0.0 to 3.0.2 (incl.)

Vendor: MB connect line
Product: mbNET/mbNET.rokey
Versions: Default: unaffected
  • Version 8.4.4 is affected

Vendor: MB connect line
Product: mbNET.mini
Versions: Default: unaffected
  • Version 3.0.2 is affected

Vendor: Helmholz
Product: REX200/250
Versions: Default: unaffected
  • affected from 0.0.0 to 8.4.4 (incl.)

Vendor: Helmholz
Product: REX100
Versions: Default: unaffected
  • affected from 0.0.0 to 3.0.2 (incl.)

Vendor: Helmholz
Product: REX200/250
Versions: Default: unaffected
  • Version 8.4.4 is affected

Vendor: Helmholz
Product: REX100
Versions: Default: unaffected
  • Version 3.0.2 is affected

Credits

  • Moritz Abrell from SySS GmbH (finder)
  • Christian Zäske from SySS GmbH (finder)

References

Problem Types

  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')