Command Injection Vulnerability in Acer Devices
CVE-2026-49199

10CRITICAL

Key Information:

Vendor: Acer
Status: Predator Connect W6x
Vendor: CVE Published:; 29 May 2026

What is CVE-2026-49199?

A command injection vulnerability exists in Acer IoT devices due to the improper handling of crafted MQTT messages. This flaw can lead to unauthorized command execution at the root level on the affected devices, potentially compromising their integrity and exposing sensitive data. It is crucial for users to apply security updates and follow best practices to mitigate the risk associated with this vulnerability.

Affected Version(s)

Predator Connect W6x Windows W6x_GBL_2.00.000005

References

https://community.acer.com/en/kb/articles/19672

CVSS V4

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 28, 2026

Credit

rethesis

CVE-2026-49199 Data

JSON