Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-49197: Acer Connect App Fails to Validate Authorization Header

CVE-2026-49197

Summary

The Acer Connect app's web endpoints are vulnerable to unauthorized access because they don't properly check the Authorization header. This could allow attackers to make requests as if they were authorized, which could lead to unauthorized data access or changes. To protect your users, update the Acer Connect app to fix this vulnerability.

Original title

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.

Original description

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.

nvd CVSS4.0 10.0

Vulnerability type

CWE-287 Improper Authentication

https://community.acer.com/en/kb/articles/19672

Published: 29 May 2026 · Updated: 30 May 2026 · First seen: 29 May 2026