DLL Hijacking Vulnerability in ZTE Cloud PC Client
CVE-2026-44406

5.7MEDIUM

Key Information:

Vendor: Zte
Status: Zxcloud Irai
Vendor: CVE Published:; 7 May 2026

What is CVE-2026-44406?

The ZTE Cloud PC client, known as uSmartView, is affected by a DLL hijacking vulnerability. This issue arises from the execution of the uSmartViewServiceAgent.exe with SYSTEM privileges. If successfully exploited, it permits local arbitrary code execution, allowing an attacker to execute malicious code with elevated permissions. This vulnerability poses significant risks, including privilege escalation and potential memory corruption, making it crucial for users to apply the latest security patches.

Affected Version(s)

ZXCLOUD iRAI ZXCLOUD-iRAI-ClientV7.2X

References

https://support.zte.com.cn/zte-iccp-isupport-webui/bullet...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2026
Vulnerability Reserved
May 6, 2026

Credit

Runzi Zhao, Feng Ye and Ziwei Wang

CVE-2026-44406 Data

JSON

Zte

What is CVE-2026-44406?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit