What is GHSA-5xrr-7q3m-rh98?

GHSA-5xrr-7q3m-rh98 is a security advisory published by GitHub Security Advisories with Critical severity. The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES...

Which CVE IDs does GHSA-5xrr-7q3m-rh98 cover?

GHSA-5xrr-7q3m-rh98 covers the following CVE IDs: CVE-2026-49201. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

GHSA-5xrr-7q3m-rh98Critical

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES...

Vendor

GitHub Security Advisories

Published

May 29, 2026

Last Modified

May 29, 2026

🔗 CVE IDs covered (1)

CVE-2026-49201 →

📋 Description

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-49201
https://community.acer.com/en/kb/articles/19673
https://github.com/advisories/GHSA-5xrr-7q3m-rh98