CVE-2026-49185 CRITICAL

CVE-2026-49185: Instruction Injection via FieldX MDM

Vendor Acer

Product Connect M6E 5G Portable WiFi Router

Weakness CWE-78

Published June 4, 2026

Last update June 4, 2026

CVSS base score

10.0/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection.

Key dates

June 4, 2026 CVE published

June 4, 2026 Record updated

External resources

Related vulnerabilities

CVE CVE-2026-49185

CWE CWE-78

CVSS 10.0 / CRITICAL

Vendor Acer

Product Connect M6E 5G Portable WiFi Router

Affected ≤ M6E_AI_1.00.000019