CVE-2026-49197

Severity CVSS v4.0:
CRITICAL
Type:
CWE-287 Authentication Issues
Publication date:
29/05/2026
Last modified:
08/06/2026

Description

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:acer:predator_connect_w6x_firmware:*:*:*:*:*:*:*:* w6x_gbl_2.00.000005 (including)
cpe:2.3:h:acer:predator_connect_w6x:-:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools