VYPR
Medium severity5.3NVD Advisory· Published Jun 4, 2026· Updated Jun 8, 2026

CVE-2026-50226

CVE-2026-50226

Description

Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

1