CVE-2026-49001

Summary

Cross-site request forgery (CSRF) vulnerabilities allow attackers to exploit a user's authenticated session to forge cross-site requests, inducing the execution of unintended operations such as tampering with configuration data.

Affected Software

VendorProductVersion RangeStatus
ZTEZXUniPOS NDS-LTEVersions < V24.40.40CP01 (excluding V24.30.40CP03, V24.40.40CP01)affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site request forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References