CVE-2026-50208
Analyzed Analyzed - Analysis Complete

TrustAllCerts TLS Certificate Validation Bypass with DES Key Exposure

Vulnerability report for CVE-2026-50208, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: 8fc372e3-d9c5-46e4-9410-38469745c639

Description

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-04
Last Modified
2026-06-04
Generated
2026-07-14
AI Q&A
2026-06-04
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
acer connect_m6e_5g_firmware to m6e_ai_1.00.000019 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-330 The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves high-risk TrustAllCerts routines that disable the standard TLS certificate validation process.

Additionally, the use of hard-coded DES symmetric encryption keys further weakens security.

Together, these issues allow a Man-in-the-Middle (MITM) attacker to potentially decrypt network traffic.

Impact Analysis

An attacker exploiting this vulnerability could intercept and decrypt sensitive network communications.

This could lead to exposure of confidential information, unauthorized data access, and compromise of data integrity.

Compliance Impact

This vulnerability involves disabling standard TLS certificate validation and using hard-coded DES encryption keys, which could allow a Man-in-the-Middle (MITM) attacker to decrypt network traffic. Such weaknesses in protecting data in transit can lead to unauthorized access to sensitive information.

Because of the potential exposure of sensitive data through intercepted communications, this vulnerability could negatively impact compliance with data protection regulations such as GDPR and HIPAA, which require strong safeguards for personal and health information during transmission.

Organizations using affected devices should consider this vulnerability a significant risk to maintaining confidentiality and integrity of data, and should apply patches and mitigation measures promptly to uphold compliance obligations.

Mitigation Strategies

Users are advised to secure their devices with strong administrative passwords and restrict IPv6 traffic where possible.

It is important to apply the forthcoming firmware patches via the device management interface as soon as they are released.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50208. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart