HIGHCVE-2026-40851Published Modified CNA CERTVDE
CVE-2026-40851: Command injection via USB
A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability.
Metrics
- CVSS v3.1
- 8.4
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 8
Affected packages
- MB connect line / mbNET/mbNET.rokey≤ 8.4.4
- MB connect line / mbNET.mini≤ 3.0.2
- MB connect line / mbNET/mbNET.rokey8.4.4
- MB connect line / mbNET.mini3.0.2
- Helmholz / REX200/250≤ 8.4.4
- Helmholz / REX100≤ 3.0.2
- Helmholz / REX200/2508.4.4
- Helmholz / REX1003.0.2
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences