CVE-2026-40004

MEDIUM 5.5

openssl.cnf Privilege Escalation Vulnerability in ZTE Cloud PC Client uSmartview

CVSS Score

5.5

EPSS Score

0.0%

EPSS Percentile

0th

There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges.

CWE	CWE-427
Vendor	zte
Product	zxcloud irai
Published	May 7, 2026

Stay Ahead of the Next One

Get instant alerts for zte zxcloud irai

Be the first to know when new medium vulnerabilities affecting zte zxcloud irai are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N

Attack Vector

Physical

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

None

Affected Versions

ZTE / ZXCLOUD iRAI

ZXCLOUD-iRAI-ClientV7.2X

References

NVD ↗ CVE.org ↗ EPSS Data ↗

support.zte.com.cn: https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/3126272076755775573

Credits

Runzi Zhao, Feng Ye and Ziwei Wang