CVE-2026-32968

CVSS v3.1

9.8

Critical

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383.

Fix

RCE

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2026-32968

Affected Products

Mb Connect Line Mymbconnect24

Myrex24V2

Myrex24V2.Virtual

Mbconnect24

CVE-2026-32968

Weakness Enumeration

Related Identifiers

Affected Products

References · 4