PatchSiren cyber security CVE debrief
CVE-2026-50213 Acer CVE debrief
CVE-2026-50213 is a high-severity vulnerability with a CVSS score of 8.7. The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings. This issue was published on 2026-06-04T09:16:29.987Z and last modified on 2026-06-04T19:10:08.420Z.
- Vendor
- Acer
- Product
- Connect M6E 5G Portable WiFi Router
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-04
Who should care
Administrators and users of Acer Connect M6E 5G firmware should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability affects Acer Connect M6E 5G firmware, specifically versions up to m6e_ai_1.00.000019. The CWE-798 weakness is associated with this vulnerability.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by the vendor as soon as possible.
- Review and restrict access to the account validation endpoint /v1/User/validate.
- Monitor user profile data exposure and implement additional security measures if necessary.
Evidence notes
Evidence from NVD and CVE.org confirms the existence and details of this vulnerability.
Official resources
-
CVE-2026-50213 CVE record
CVE.org
-
CVE-2026-50213 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
8fc372e3-d9c5-46e4-9410-38469745c639 - Mitigation, Vendor Advisory
This debrief is based on publicly available information and is intended for informational purposes only.