CVE-2026-49186

Published: Giu 04, 2026 Last Modified: Giu 04, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,6

Source: 8fc372e3-d9c5-46e4-9410-38469745c639

Attack Vector: network

Attack Complexity: low

Privileges Required: high

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands.

287

Improper Authentication

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability Access Control

Potential Impacts:

Read Application Data Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: Not Technology-Specific, Web Based, ICS/OT

Likelihood of Exploit: High

View CWE Details

https://community.acer.com/en/kb/articles/19707

CVE-2026-49186

Description

Improper Authentication

Common Consequences

Applicable Platforms

Iscriviti alla newsletter