CVE-2026-49001 | THREATINT

Description

Cross-site request forgery (CSRF) vulnerabilities allow attackers to exploit a user's authenticated session to forge cross-site requests, inducing the execution of unintended operations such as tampering with configuration data.

PUBLISHED Reserved 2026-05-27 | Published 2026-05-27 | Updated 2026-05-28 | Assigner zte

MEDIUM: 5.3CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:L

Problem types

CWE-352 Cross-Site request forgery (CSRF)

Product status

Default status

unaffected

Versions < V24.40.40CP01 (excluding V24.30.40CP03, V24.40.40CP01)

affected

Credits

Venom Nguyen from VNPT-NET finder

References

support.zte.com.cn/...ui/bulletin/detail/3711746568357343400

cve.org (CVE-2026-49001)

nvd.nist.gov (CVE-2026-49001)

Download JSON