Vulnerability intelligence

CVE-2026-49200

The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.

CVSS Score

Critical

EPSS — Exploit Probability

0.1%

Riskier than 20% of all CVEs

Exploitation

Not in CISA KEV

No federal exploitation record

Remediation

unknown

Check vendor advisories

NVD entry PoC / advisory

1 article across 1 outlet · first covered Jun 3, 2026 · latest Jun 3, 2026

Coverage timeline

Critical flaws in Acer Wave 7 leak credentials, enable backdoors
securityonline.info · Jun 3, 2026