CVE-2026-49002 | THREATINT

Description

Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information.

PUBLISHED Reserved 2026-05-27 | Published 2026-05-27 | Updated 2026-05-28 | Assigner zte

CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-284: Improper Access Control

Product status

Default status

unaffected

Versions < V24.40.40CP01 (excluding V24.30.40CP03, V24.40.40CP01)

affected

Credits

Venom Nguyen from VNPT-NET finder

References

support.zte.com.cn/...ui/bulletin/detail/6783201397271515377

cve.org (CVE-2026-49002)

nvd.nist.gov (CVE-2026-49002)

Download JSON