216.73.217.64

CVE-2026-50226

· Published 04/06/2026 10:16 · Modified 04/06/2026 15:10

Labels: CVE-2026-50226 2026-06-048fc372e3-d9c5-46e4-9410-38469745c639CVE-2026-50226CWE-321

Essential information

Published
04/06/2026 10:16
Modified
04/06/2026 15:10
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
8fc372e3-d9c5-46e4-9410-38469745c639
NVD
View on NVD

Affected products (CPE)

ProductCPE
acer / acerconnect cpe:2.3:a:acer:acerconnect:*:*:*:*:*:*:*:*

References