CVE-2026-49197

Summary

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.

Affected Software

VendorProductVersion RangeStatus
AcerPredator Connect W6xW6x_GBL_2.00.000005 <= *affected

Weaknesses

  • CWE-287: CWE-287: Improper Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References