Known Vulnerabilities for products from Acer

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Acer".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Additional devices specifications by Acer can be found at device.report : Acer

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-50226 json Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IME... Not Provided 2026-06-04 2026-06-08
CVE-2026-50225 json The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to f... Not Provided 2026-06-04 2026-06-08
CVE-2026-50224 json The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limi... Not Provided 2026-06-04 2026-06-08
CVE-2026-50214 json The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary cr... Not Provided 2026-06-04 2026-06-08
CVE-2026-50213 json The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by i... Not Provided 2026-06-04 2026-06-04
CVE-2026-50212 json Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endp... Not Provided 2026-06-04 2026-06-04
CVE-2026-50211 json Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps... Not Provided 2026-06-04 2026-06-04
CVE-2026-50210 json The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay ... Not Provided 2026-06-04 2026-06-04
CVE-2026-50209 json Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, sh... Not Provided 2026-06-04 2026-06-04
CVE-2026-50208 json High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryp... Not Provided 2026-06-04 2026-06-04
CVE-2026-50207 json The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband ... Not Provided 2026-06-04 2026-06-04
CVE-2026-50206 json Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious con... Not Provided 2026-06-04 2026-06-04
CVE-2026-50205 json System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identificatio... Not Provided 2026-06-04 2026-06-04
CVE-2026-49204 json Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation. Not Provided 2026-06-04 2026-06-04
CVE-2026-49203 json Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles ... Not Provided 2026-06-04 2026-06-04
CVE-2026-49202 json Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharin... Not Provided 2026-06-04 2026-06-04
CVE-2026-49201 json The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an att... Not Provided 2026-05-29 2026-06-08
CVE-2026-49200 json The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains c... Not Provided 2026-05-29 2026-06-08
CVE-2026-49199 json Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device. Not Provided 2026-05-29 2026-06-04
CVE-2026-49198 json Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized act... Not Provided 2026-05-29 2026-06-08
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Acer

Type Vendor Product Version
HardwareAcerAc700 Chromebook-
ApplicationAcerAcer Portal3.9.3.2006
ApplicationAcerQuick Access-
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report