CVE-2026-5601
Information Disclosure in Acrel Prepaid Cloud Backup File Handler
Publication date: 2026-04-05
Last updated on: 2026-04-05
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| acrel | electrical_prepaid_cloud_platform | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability results in information disclosure through manipulation of the Backup File Handler component in Acrel Electrical Prepaid Cloud Platform 1.0. Such unauthorized information disclosure could potentially impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive data against unauthorized access.
However, the provided information does not specify the nature or sensitivity of the disclosed information, nor does it detail the exact compliance implications or affected data categories.
Can you explain this vulnerability to me?
This vulnerability exists in the Acrel Electrical Prepaid Cloud Platform 1.0, specifically in the Backup File Handler component when processing the file /bin.rar. The issue allows an attacker to remotely manipulate this file processing, which leads to information disclosure.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information because an attacker can remotely exploit the flaw in the Backup File Handler. This could compromise confidentiality without affecting integrity or availability.