Local Privilege Escalation Vulnerability in ZTE PROCESS Guard Service
CVE-2026-40001

5.2MEDIUM

Key Information:

Vendor: Zte
Status: Zte Process Guard Service
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-40001?

A local privilege escalation vulnerability exists in the ZTE PROCESS Guard service within the cloud computer client. This vulnerability could allow an attacker to execute arbitrary code locally, leading to unauthorized privilege escalation and possible path traversal bypass. Systems running the affected versions are at risk, highlighting the need for immediate attention and remediation.

Affected Version(s)

ZTE PROCESS Guard service ZXCLOUD-iRAI-ClientV7.2X

References

https://support.zte.com.cn/zte-iccp-isupport-webui/bullet...

CVSS V3.1

Score:

5.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
Apr 8, 2026

Credit

Runzi Zhao、Feng Ye、Ziwei Wang

CVE-2026-40001 Data

JSON

Zte

What is CVE-2026-40001?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit