CVE-2026-50212
Analyzed - Analysis Complete
Device Dissociation API Denial of Service

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: 8fc372e3-d9c5-46e4-9410-38469745c639

Description
Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service.
Meta Information
Published: 2026-06-04
Last Modified: 2026-06-04
Generated: 2026-06-24
AI Q&A: 2026-06-04
EPSS Evaluated: 2026-06-23
Affected Vendors & Products
Showing 1 associated CPE
Vendor: acer
Product: connect_m6e_5g_firmware
Version / Range: to m6e_ai_1.00.000019 (inc)
CWE ID: CWE-400
Description: The product does not properly control the allocation and maintenance of a limited resource.
Compliance Impact

The vulnerability allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service. This could disrupt availability of services, which is a key aspect of compliance with standards like GDPR and HIPAA that require ensuring availability and integrity of systems handling personal or sensitive data.

Additionally, Resource 1 indicates that related vulnerabilities in the device include unauthorized access controls and exposure of sensitive data, which could lead to breaches of confidentiality and integrity. Such issues can directly impact compliance with regulations that mandate protection of personal data and secure access controls.

Therefore, exploitation of this vulnerability and related issues could result in non-compliance with common standards and regulations by compromising system availability, confidentiality, and integrity.

Mitigation Strategies

To mitigate this vulnerability, users should immediately secure their devices by setting strong administrative passwords and restricting IPv6 traffic where possible.

Additionally, users are advised to apply the forthcoming firmware updates provided by Acer through the device management interface as soon as they become available.

Executive Summary

This vulnerability is caused by weak validation logic within device dissociation API routines. It allows a remote attacker to forcefully unbind unrelated user endpoints, meaning the attacker can disconnect devices or users that they should not have control over.

Essentially, the API does not properly verify whether the request to dissociate a device is legitimate or authorized, enabling an attacker to cause disruption by unbinding devices arbitrarily.

Impact Analysis

The primary impact of this vulnerability is a severe denial of service. Because an attacker can forcefully unbind unrelated user endpoints, legitimate users may lose connectivity or access to their devices or services unexpectedly.

This disruption can affect availability and reliability of the affected system or service, potentially causing operational interruptions and user dissatisfaction.
