CVE Catalog
CVE-2026-49197
CriticalCVSS 9.8Summary
Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.
Risk Assessment
Improper validation of the authorization header may allow attackers to send malicious requests, posing a risk of unauthorized access to resources.
Recommendation
It is recommended to improve the validation of the authorization header to effectively block requests that fail Base64 decoding.
Original NVD description (English source)
Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails.

