CVE-2026-49185
CRITICAL WAF: High
CVSS 9.8
Published: 2026-06-04
CWE-78
The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| acer | connect_m6e_5g_firmware | up to m6e_ai_1.00.000019 |
References
- community.acer.com (Mitigation, Vendor Advisory)