CVE-2026-44406 | THREATINT

Description

ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.

PUBLISHED Reserved 2026-05-06 | Published 2026-05-07 | Updated 2026-05-07 | Assigner zte

MEDIUM: 5.7CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

Problem types

CWE-427 Uncontrolled Search Path Element

Product status

Default status

unaffected

ZXCLOUD-iRAI-ClientV7.2X

affected

Credits

Runzi Zhao, Feng Ye and Ziwei Wang finder

References

support.zte.com.cn/...ui/bulletin/detail/8107253322107965601

cve.org (CVE-2026-44406)

nvd.nist.gov (CVE-2026-44406)

Download JSON