CVE-2026-44406

MEDIUM 5.7

DLL Hijacking Vulnerability in ZTE Cloud PC Client uSmartview

CVSS Score

5.7

EPSS Score

0.0%

EPSS Percentile

0th

ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.

CWE	CWE-427
Vendor	zte
Product	zxcloud irai
Published	May 7, 2026

Stay Ahead of the Next One

Get instant alerts for zte zxcloud irai

Be the first to know when new medium vulnerabilities affecting zte zxcloud irai are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

Low

Affected Versions

ZTE / ZXCLOUD iRAI

ZXCLOUD-iRAI-ClientV7.2X

References

NVD ↗ CVE.org ↗ EPSS Data ↗

support.zte.com.cn: https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/8107253322107965601

Credits

Runzi Zhao, Feng Ye and Ziwei Wang