CVE Catalog

CVE-2026-49197

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Summary

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.

Risk Assessment

Improper validation of the authorization header may allow attackers to send malicious requests, posing a risk of unauthorized access to resources.

Recommendation

It is recommended to improve the validation of the authorization header to effectively block requests that fail Base64 decoding.

Original NVD description (English source)

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS