CVE-2026-40001 | THREATINT

Description

There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traversal bypass.

PUBLISHED Reserved 2026-04-08 | Published 2026-05-06 | Updated 2026-05-06 | Assigner zte

MEDIUM: 5.2CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Problem types

CWE-269: Improper Privilege Management

Product status

Default status

unaffected

ZXCLOUD-iRAI-ClientV7.2X

affected

Credits

Runzi Zhao、Feng Ye、Ziwei Wang finder

References

support.zte.com.cn/...ui/bulletin/detail/1477954674427011121

cve.org (CVE-2026-40001)

nvd.nist.gov (CVE-2026-40001)

Download JSON