CVE-2026-40001

Summary

There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traversal bypass.

Affected Software

VendorProductVersion RangeStatus
ZTEZTE PROCESS Guard serviceZXCLOUD-iRAI-ClientV7.2Xaffected

Weaknesses

  • CWE-269: CWE-269: Improper Privilege Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References