CVE-2026-49198
Status: Analyzed (Analysis Complete)
Improper Access Control in MQTT Broker Exposes Traffic via Wildcard Topics

Publication date: 2026-05-29

Last updated on: 2026-06-08

Assigner: 8fc372e3-d9c5-46e4-9410-38469745c639

Description
Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors.
Meta Information
Generated: 2026-06-19
AI Q&A: 2026-05-29
EPSS Evaluated: 2026-06-18
Affected Vendors & Products
Vendor: acer
Product: predator_connect_w6x_firmware
Version / Range: up to and including w6x_gbl_2.00.000005
CWE
CWE-284: The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Executive Summary

This vulnerability involves improper access control in the MQTT broker, which allows unauthorized actors to subscribe to wildcard topics.

As a result, all MQTT traffic can be exposed to these unauthorized users.

Impact Analysis

The vulnerability can lead to unauthorized access to all MQTT traffic, potentially exposing sensitive data transmitted via MQTT.

This exposure can result in data breaches, loss of confidentiality, and compromise of systems relying on MQTT communication.

Compliance Impact

The vulnerability in the MQTT broker allows unauthorized actors to subscribe to wildcard topics, exposing all MQTT traffic. This improper access control can lead to unauthorized access to sensitive data transmitted via MQTT, potentially violating data protection requirements in standards like GDPR and HIPAA.

By exposing all MQTT traffic to unauthorized users, the vulnerability risks confidentiality and integrity of data, which are core principles in many compliance frameworks. Organizations using affected devices without applying the firmware update may face compliance issues due to inadequate access controls and potential data breaches.

Applying the firmware update that restricts wildcard topic subscriptions and adds payload sanitization is critical to maintaining compliance with these regulations.

Detection Guidance

This vulnerability involves improper access control in the MQTT broker allowing wildcard topic subscriptions, which exposes all MQTT traffic to unauthorized actors.

To detect exploitation on your network or system, monitor MQTT broker traffic for wildcard topic subscriptions from clients that are not authorized to see broker-wide traffic. Unusual or unexpected subscription patterns, especially topic filters that use wildcards, may indicate exploitation attempts.

Specific commands are not provided in the available resources, but generally, you can use MQTT client tools or network packet analyzers (e.g., Wireshark) to inspect MQTT traffic and subscriptions.
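Detection logic for the subscription pattern described above, written here as an added example (it is not part of this page or of Acer's firmware): it parses raw MQTT 3.1.1 SUBSCRIBE packets as they would be captured from broker traffic and raises an alert for every topic filter that uses the '#' (multi-level) or '+' (single-level) wildcard. The client names, the packet builder and the sample packets are constructed for the demonstration.

```python
SUBSCRIBE_TYPE = 8  # MQTT control packet type, carried in the high nibble of byte 0

def _decode_length(buf, i):
    """Decode the variable-length 'Remaining Length' field; return (value, next_index)."""
    value = 0
    for j in range(i, i + 4):  # the spec allows at most four length bytes
        value += (buf[j] & 0x7F) * 128 ** (j - i)
        if not buf[j] & 0x80:
            return value, j + 1
    raise ValueError("malformed Remaining Length")

def _encode_length(n):  # inverse of _decode_length, used only for constructed samples
    out = bytearray([n % 128 | (0x80 if n >= 128 else 0)])
    while n >= 128:
        n //= 128
        out.append(n % 128 | (0x80 if n >= 128 else 0))
    return bytes(out)

def parse_subscribe(pkt):
    """Return [(topic_filter, qos), ...] from a SUBSCRIBE packet, [] for other types."""
    if pkt[0] >> 4 != SUBSCRIBE_TYPE:
        return []
    length, i = _decode_length(pkt, 1)
    end = i + length
    if end > len(pkt):
        raise ValueError("truncated SUBSCRIBE packet")
    i, filters = i + 2, []  # skip the 2-byte Packet Identifier
    while i < end:  # payload: repeated (2-byte length, UTF-8 filter, QoS byte)
        n = int.from_bytes(pkt[i:i + 2], "big")
        filters.append((pkt[i + 2:i + 2 + n].decode("utf-8"), pkt[i + 2 + n] & 0x03))
        i += 3 + n
    return filters

def is_wildcard(topic_filter):  # '#' matches any number of levels, '+' exactly one
    return "#" in topic_filter or "+" in topic_filter

def wildcard_alerts(client, pkt):  # one alert line per wildcard filter from `client`
    return [f"ALERT client={client} wildcard subscription {t!r} qos={q}"
            for t, q in parse_subscribe(pkt) if is_wildcard(t)]

def build_subscribe(packet_id, filters):  # builder used only to construct sample traffic
    body = packet_id.to_bytes(2, "big")
    for topic, qos in filters:
        t = topic.encode("utf-8")
        body += len(t).to_bytes(2, "big") + t + bytes([qos])
    return bytes([SUBSCRIBE_TYPE << 4 | 0x02]) + _encode_length(len(body)) + body

# Constructed sample: a benign per-device subscription and a broker-wide '#' one.
SAMPLE_PACKETS = {"sensor-1": build_subscribe(1, [("home/kitchen/temp", 0)]),
                  "unknown": build_subscribe(2, [("#", 0), ("$SYS/#", 1)])}
```

Feed `wildcard_alerts` the SUBSCRIBE payloads extracted from a capture (for example Wireshark's MQTT dissector) and review any client that is not explicitly allowed to subscribe broker-wide.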

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the firmware of the Acer Connect W6x router to version W6x_GBL_2.00.000008 or later.

This firmware update restricts wildcard topic subscriptions in the local MQTT messaging broker, limiting message visibility to authorized users and addressing the improper access control issue.

Users should perform the update via the router admin console and avoid restarting or unplugging the router during the update process.
