Local privilege escalation vulnerability in ZTE PROCESS Guard service of...

5.2 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Description

There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traversal bypass.

Basic Information

ID CVE-2026-40001

Source zte

Published May 6, 2026 at 08:48

Affected Product

Vendor ZTE

Product ZTE PROCESS Guard service

Version ZXCLOUD-iRAI-ClientV7.2X

Affected Versions ZTE ZTE PROCESS Guard service ZXCLOUD-iRAI-ClientV7.2X

CWE Classification

CWE-269

References

support.zte.com.cn /zte-iccp-isupport-webui/bulletin/detail/1477954674427011121

{
    "lastseen": "",
    "description": "There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traversal bypass.",
    "published": "2026-05-06T08:48:10.466Z",
    "modified": "2026-05-06T08:48:10.466Z",
    "type": "cve",
    "title": "Local privilege escalation vulnerability in ZTE PROCESS Guard service of the cloud computer client",
    "source": "zte",
    "references": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1477954674427011121",
    "id": "CVE-2026-40001",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "ZTE ZTE PROCESS Guard service ZXCLOUD-iRAI-ClientV7.2X",
    "sourceHref": "",
    "cvss": {
        "score": 5.2,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ZTE PROCESS Guard service",
    "version": "ZXCLOUD-iRAI-ClientV7.2X",
    "vendor": "ZTE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Local privilege escalation vulnerability in ZTE PROCESS Guard service of the cloud computer client_CVE-2026-40001