Authorization Validation Flaw in Acer Connect App by Acer
CVE-2026-49197

10CRITICAL

Key Information:

Vendor: Acer
Status: Predator Connect W6x
Vendor: CVE Published:; 29 May 2026

What is CVE-2026-49197?

A vulnerability in the Acer Connect app allows unauthorized access due to improper validation of the HTTP Authorization header. The application fails to appropriately handle requests when Base64 decoding fails, potentially exposing sensitive data to malicious actors. Users of the app are advised to apply security best practices and monitor for any unusual activity.

Affected Version(s)

Predator Connect W6x Windows W6x_GBL_2.00.000005

References

https://community.acer.com/en/kb/articles/19672

CVSS V4

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 28, 2026

Credit

rethesis

CVE-2026-49197 Data

JSON