CVE-2026-49199

CVSS v4.0

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions Acer Predator Connect W6x versions prior to W6x GBL 2.00.000008

Description Crafted MQTT messages can trigger command injection, allowing for root-level remote code execution on the target device without requiring authentication.

Recommendations Update to firmware W6x GBL 2.00.000008.

Fix

RCE

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2026-49199

Affected Products

Predator Connect W6X

CVE-2026-49199

Weakness Enumeration

Related Identifiers

Affected Products

References · 5