CVE-2026-49186
Analyzed Analyzed - Analysis Complete
MQTT Broker Topic ACL Bypass via Wildcard Subscriptions

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: 8fc372e3-d9c5-46e4-9410-38469745c639

Description
The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (#Β orΒ +) to enumerate hidden network devices or publish rogue control commands.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-04
Last Modified
2026-06-04
Generated
2026-06-24
AI Q&A
2026-06-04
EPSS Evaluated
2026-06-23
NVD
CVE-2026-49186
EUVD
EUVD-2026-34200
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
acer connect_m6e_5g_firmware to m6e_ai_1.00.000019 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists because the local MQTT broker does not enforce topic-level Access Control Lists (ACLs).

As a result, any client connected to the broker can subscribe to topics using wildcard characters (# or +), which allows them to enumerate hidden network devices.

Additionally, clients can publish rogue control commands to the broker, potentially manipulating devices or services.

Compliance Impact

The vulnerability in the local MQTT broker, which does not enforce topic-level Access Control Lists (ACLs), allows unauthorized clients to subscribe to or publish messages using wildcard characters. This can lead to enumeration of hidden network devices and the sending of rogue control commands.

Such unauthorized access and potential manipulation of device configurations and communications could result in exposure or compromise of sensitive data, which may negatively impact compliance with data protection regulations like GDPR and HIPAA that require strict access controls and protection of personal or sensitive information.

Therefore, until the vulnerability is patched, affected devices may not meet the security requirements mandated by these common standards and regulations.

Mitigation Strategies

To mitigate this vulnerability immediately, users should secure their devices with strong administrative passwords and restrict IPv6 traffic where possible.

Additionally, users are advised to apply the forthcoming firmware patches via the device management interface as soon as they become available.

Detection Guidance

The vulnerability involves the local MQTT broker not enforcing topic-level Access Control Lists (ACLs), allowing clients to subscribe using wildcard characters (# or +) to enumerate hidden devices or publish rogue commands.

To detect this vulnerability on your network or system, you can attempt to subscribe to MQTT topics using wildcard characters to see if unauthorized enumeration or publishing is possible.

  • Use an MQTT client tool (e.g., mosquitto_sub) to subscribe to all topics with a wildcard: mosquitto_sub -h <broker_ip> -t '#' -v
  • Attempt to publish a test message to a control topic to check if publishing is unrestricted: mosquitto_pub -h <broker_ip> -t 'control/test' -m 'test message'

If these commands succeed without proper authentication or authorization, it indicates the broker does not enforce topic-level ACLs and is vulnerable.

Impact Analysis

The vulnerability can lead to unauthorized discovery of hidden network devices by malicious clients.

It also allows attackers to send unauthorized control commands, which could disrupt device operations or compromise system integrity.

Overall, this can result in increased risk of network reconnaissance, unauthorized control, and potential service disruption.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49186. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart