Privilege Escalation Vulnerability in ZTE Cloud PC Client uSmartview
CVE-2026-40004

5.5MEDIUM

Key Information:

Vendor: Zte
Status: Zxcloud Irai
Vendor: CVE Published:; 7 May 2026

What is CVE-2026-40004?

A privilege escalation vulnerability has been identified in the openssl.cnf configuration of the ZTE Cloud PC client called uSmartview. This flaw enables an attacker to execute arbitrary code locally, resulting in elevated privileges on the affected system. Users of uSmartview should seek to implement necessary updates and mitigation strategies to protect their systems from potential exploitation.

Affected Version(s)

ZXCLOUD iRAI ZXCLOUD-iRAI-ClientV7.2X

References

https://support.zte.com.cn/zte-iccp-isupport-webui/bullet...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2026
Vulnerability Reserved
Apr 8, 2026

Credit

Runzi Zhao, Feng Ye and Ziwei Wang

CVE-2026-40004 Data

JSON

Zte

What is CVE-2026-40004?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit