CVE-2026-40001

Published: May 6, 2026Modified: May 7, 2026

5.2

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Exploitability: 2.0 / Impact: 2.7

Source: psirt@zte.com.cn (Secondary)

Description

There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traversal bypass.

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (1)

https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1477954674427011121

Source: psirt@zte.com.cn

Timeline

No history available yet.