Improper Access Control Vulnerability in MQTT Broker by Acer
CVE-2026-49198

8.3HIGH

Key Information:

Vendor: Acer
Status: Predator Connect W6x
Vendor: CVE Published:; 29 May 2026

What is CVE-2026-49198?

A vulnerability in Acer's MQTT broker results from improper access control mechanisms, which allow wildcard topic subscriptions. This flaw exposes all MQTT traffic to unauthorized actors, posing a significant risk to the confidentiality and integrity of message data transmitted within the broker. Addressing this issue is critical to safeguarding sensitive information from potential threats and ensuring secure communication.

Affected Version(s)

Predator Connect W6x Windows W6x_GBL_2.00.000005

References

https://community.acer.com/en/kb/articles/19672

CVSS V4

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 28, 2026

Credit

rethesis

CVE-2026-49198 Data

JSON