Vulnerability Details CVE-2026-49186
The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.3%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2026-49186
-
cpe:2.3:h:acer:connect_m6e_5g:-
-
cpe:2.3:o:acer:connect_m6e_5g_firmware:*