CVE-2026-50208
Analyzed Analyzed - Analysis Complete
TrustAllCerts TLS Certificate Validation Bypass with DES Key Exposure

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: 8fc372e3-d9c5-46e4-9410-38469745c639

Description
High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-04
Last Modified
2026-06-04
Generated
2026-06-24
AI Q&A
2026-06-04
EPSS Evaluated
2026-06-23
NVD
CVE-2026-50208
EUVD
EUVD-2026-34220
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
acer connect_m6e_5g_firmware to m6e_ai_1.00.000019 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-330 The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves high-risk TrustAllCerts routines that disable the standard TLS certificate validation process.

Additionally, the use of hard-coded DES symmetric encryption keys further weakens security.

Together, these issues allow a Man-in-the-Middle (MITM) attacker to potentially decrypt network traffic.

Impact Analysis

An attacker exploiting this vulnerability could intercept and decrypt sensitive network communications.

This could lead to exposure of confidential information, unauthorized data access, and compromise of data integrity.

Compliance Impact

This vulnerability involves disabling standard TLS certificate validation and using hard-coded DES encryption keys, which could allow a Man-in-the-Middle (MITM) attacker to decrypt network traffic. Such weaknesses in protecting data in transit can lead to unauthorized access to sensitive information.

Because of the potential exposure of sensitive data through intercepted communications, this vulnerability could negatively impact compliance with data protection regulations such as GDPR and HIPAA, which require strong safeguards for personal and health information during transmission.

Organizations using affected devices should consider this vulnerability a significant risk to maintaining confidentiality and integrity of data, and should apply patches and mitigation measures promptly to uphold compliance obligations.

Mitigation Strategies

Users are advised to secure their devices with strong administrative passwords and restrict IPv6 traffic where possible.

It is important to apply the forthcoming firmware patches via the device management interface as soon as they are released.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50208. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart