Auth bypass in Acer Predator Connect W6x

CVE-2026-49197

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.

Vulnerability class: Broken Authentication

EPSS: 0.001 (17.1th percentile) — read the EPSS interpretation.

Affected products

Acer Predator Connect W6x — versions W6x_GBL_2.00.000005

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

8fc372e3-d9c5-46e4-9410-38469745c639