{"vulnerability": "cve-2026-49185", "sightings": [{"uuid": "a97caeaf-1a82-40e4-8b31-dcd8a4b6002c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-49185", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116689956169057665", "content": "\u26a0\ufe0f CVE-2026-49185: Acer Connect M6E 5G WiFi Router has a CRITICAL OS command injection bug (CVSS 10). Remote, unauthenticated exploitation possible. No patch available \u2014 limit exposure & monitor vendor updates. https://radar.offseq.com/threat/cve-2026-49185-cwe-78-improper-neutralization-of-s-b208b2de #OffSeq #CVE202649185 #Infosec #Vuln", "creation_timestamp": "2026-06-04T04:30:27.623306Z"}, {"uuid": "1a346873-c7a9-47b4-9801-e38ea1e407f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-49185", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mngs2jmfpk2q", "content": "CRITICAL: Acer Connect M6E 5G Router has a CVSS 10 OS command injection flaw. Remote attackers can run arbitrary OS commands. No patch \u2014 restrict device from untrusted networks & watch for updates. https://radar.offseq.com/threat/cve-2026-49185-cwe-78-improper-neutralization-of-s-b208b2de #OffSeq...", "creation_timestamp": "2026-06-04T04:30:29.809522Z"}, {"uuid": "e5286442-8783-4b15-ad83-50152662f3af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49185", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnh23det5u2k", "content": "CVE-2026-49185 - Instruction Injection via FieldX MDM\nCVE ID : CVE-2026-49185\n \n Published : June 4, 2026, 4:17 a.m. | 2\u00a0hours, 15\u00a0minutes ago\n \n Description : The FieldX MDM adb messaging topic passes unverified payloads directly into\u00a0Runtime.exec(), allowing command/instruct...", "creation_timestamp": "2026-06-04T06:54:06.177011Z"}, {"uuid": "512ac5d8-86d5-497a-ba0a-b98cbb6fe03d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49185", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116693678894328091", "content": "It is possible to see elevated activities targeting Acer Connect M6E 5G Portable WiFi Router (CVE-2026-49185) https://vuldb.com/vuln/368247/cti", "creation_timestamp": "2026-06-04T20:17:22.686276Z"}, {"uuid": "84ceedd9-c43a-46c2-b04a-96daba4891cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49185", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mnxsd7jbfj23", "content": "\ud83d\udea8 CRITICAL: Mobile Device Management Flaw Allows Full Device Takeover\n\nCVE-2026-49185 | CVSS 9.8 | Command Injection\n\n\ud83d\udccb WHAT IT IS:\nFieldX MDM \u2014 a mobile device management platform \u2014 passes unverified payloads directly into Runtime.exec(). This allows attackers to execute arbitrary commands on manag", "creation_timestamp": "2026-06-10T22:50:35.836819Z"}, {"uuid": "e1ed6bb3-edfa-47ed-91a4-048d9811db24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49185", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3mnxrnszke52t", "content": "\ud83d\udea8 CRITICAL ALERT: CVE-2026-49185\n\nCVSS 9.8/10\n\n\ud83d\udccb WHAT IT IS:\nThe FieldX MDM adb messaging topic passes unverified payloads directly into\u00a0Runtime.exec(), allowing command/instruction injection.\n\n\ud83c\udfaf WHO'S AFFECTED:\n  \u2022 See NVD for affected products\n\n\u2694\ufe0f HOW IT'S EXPLOITED:\nAttack vector: unknown vector\n", "creation_timestamp": "2026-06-10T22:38:38.121914Z"}]}