CVE-2026-49197

CRITICAL

Predator Connect W6x: Improper Authentication

Title source: cna

Description

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.

References (1)

Core 1

Core References

https://community.acer.com/en/kb/articles/19672

Scores

CVSS v3 9.8

EPSS 0.0031

EPSS Percentile 22.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-287

Status published

Products (2)

Acer/Predator Connect W6x W6x_GBL_2.00.000005

acer/predator_connect_w6x_firmware < w6x_gbl_2.00.000005

Published May 29, 2026

Tracked Since May 29, 2026