PatchSiren cyber security CVE debrief
CVE-2026-50224 Acer CVE debrief
The CVE-2026-50224 vulnerability affects the Acer Connect M6E 5G product. The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over the WAN. This issue has a CVSS score of 6.9 and is classified as MEDIUM severity.
- Vendor
- Acer
- Product
- Connect M6E 5G Portable WiFi Router
- CVSS
- MEDIUM 6.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-08
Who should care
Administrators and users of Acer Connect M6E 5G devices should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability allows unauthorized access to internal API endpoints due to the web administration panel binding to the public IPv6 address space without default firewall limits.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply the patch or update provided by the vendor (see resourceLinkAnnotations 'ref-4')
- Restrict access to the web administration panel to trusted networks or IP addresses
- Enable firewall rules to limit access to port [::]:8080
Evidence notes
The CVE-2026-50224 record and NVD detail (resourceLinkAnnotations 'nvd') provide additional information on this vulnerability.
Official resources
-
CVE-2026-50224 CVE record
CVE.org
-
CVE-2026-50224 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
8fc372e3-d9c5-46e4-9410-38469745c639 - Mitigation, Vendor Advisory
CVE-2026-50224 was published on 2026-06-04T10:16:40.003Z and modified on 2026-06-08T12:58:22.847Z.