CVE-2026-49186
Analyzed Analyzed - Analysis Complete

MQTT Broker Topic ACL Bypass via Wildcard Subscriptions

Vulnerability report for CVE-2026-49186, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: 8fc372e3-d9c5-46e4-9410-38469745c639

Description

The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (#Β orΒ +) to enumerate hidden network devices or publish rogue control commands.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-04
Last Modified
2026-06-04
Generated
2026-07-14
AI Q&A
2026-06-04
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
acer connect_m6e_5g_firmware to m6e_ai_1.00.000019 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

The vulnerability involves the local MQTT broker not enforcing topic-level Access Control Lists (ACLs), allowing clients to subscribe using wildcard characters (# or +) to enumerate hidden devices or publish rogue commands.

To detect this vulnerability on your network or system, you can attempt to subscribe to MQTT topics using wildcard characters to see if unauthorized enumeration or publishing is possible.

  • Use an MQTT client tool (e.g., mosquitto_sub) to subscribe to all topics with a wildcard: mosquitto_sub -h <broker_ip> -t '#' -v
  • Attempt to publish a test message to a control topic to check if publishing is unrestricted: mosquitto_pub -h <broker_ip> -t 'control/test' -m 'test message'

If these commands succeed without proper authentication or authorization, it indicates the broker does not enforce topic-level ACLs and is vulnerable.

Executive Summary

This vulnerability exists because the local MQTT broker does not enforce topic-level Access Control Lists (ACLs).

As a result, any client connected to the broker can subscribe to topics using wildcard characters (# or +), which allows them to enumerate hidden network devices.

Additionally, clients can publish rogue control commands to the broker, potentially manipulating devices or services.

Impact Analysis

The vulnerability can lead to unauthorized discovery of hidden network devices by malicious clients.

It also allows attackers to send unauthorized control commands, which could disrupt device operations or compromise system integrity.

Overall, this can result in increased risk of network reconnaissance, unauthorized control, and potential service disruption.

Compliance Impact

The vulnerability in the local MQTT broker, which does not enforce topic-level Access Control Lists (ACLs), allows unauthorized clients to subscribe to or publish messages using wildcard characters. This can lead to enumeration of hidden network devices and the sending of rogue control commands.

Such unauthorized access and potential manipulation of device configurations and communications could result in exposure or compromise of sensitive data, which may negatively impact compliance with data protection regulations like GDPR and HIPAA that require strict access controls and protection of personal or sensitive information.

Therefore, until the vulnerability is patched, affected devices may not meet the security requirements mandated by these common standards and regulations.

Mitigation Strategies

To mitigate this vulnerability immediately, users should secure their devices with strong administrative passwords and restrict IPv6 traffic where possible.

Additionally, users are advised to apply the forthcoming firmware patches via the device management interface as soon as they become available.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49186. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart