CRITICAL vulnerabilities have been discovered in Acer Wave 7 devices, specifically impacting access control and cryptographic defenses. Two notable flaws are highlighted: CVE-2026-49200, which exposes cleartext credential logs vulnerable to unauthorized access, and CVE-2026-49201, which involves hardcoded cryptographic keys that can be exploited to create backdoors. Both vulnerabilities are rated with a maximum CVSS score of 10.0.
Acer is working on an emergency firmware update to address these issues, expected by the end of June 2026. Users are advised to prepare for updates to safeguard their networks.