CVE-2026-49197
CRITICAL WAF: Low
CVSS 9.8
Published: 2026-05-29
CWE-287
Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.
WAF Coverage Analysis
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Affected Software
| Vendor | Product | Version |
|---|---|---|
| acer | predator_connect_w6x_firmware | up to w6x_gbl_2.00.000005 |
References
- community.acer.com (Vendor Advisory)