CVE-2026-44407
CVE-2026-44407 is a medium-severity vulnerability in Zte Zxcloud Irai with a CVSS 3.x base score of 4.7. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-134.
Key facts
- Severity: Medium (CVSS 3.x base score 4.7)
- EPSS exploit prediction: 0% (19th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-28340
- Weakness: CWE-134
- Affected product: Zte Zxcloud Irai
- Published:
- Last modified:
Description
A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.
Frequently asked questions
- What is CVE-2026-44407?
- A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.
- How severe is CVE-2026-44407?
- CVE-2026-44407 has a CVSS 3.x base score of 4.7, rated medium severity. It is exploitable over local access with high attack complexity, requires low privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2026-44407 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (19th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2026-44407?
- CVE-2026-44407 affects Zte Zxcloud Irai. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2026-44407?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2026-44407 have an EU (EUVD) identifier?
- Yes. CVE-2026-44407 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-28340.
- When was CVE-2026-44407 published?
- CVE-2026-44407 was published on 2026-05-07 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:zte:zxcloud_irai:*:*:*:*:*:*:*:*
More vulnerabilities in Zte Zxcloud Irai
- CVE-2021-21731 — High (CVSS 8.1): A CSRF vulnerability exists in the management page of a ZTE product.The vulnerability is caused because the management…
- CVE-2023-41776 — Medium (CVSS 6.7): There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can…
- CVE-2023-25650 — Medium (CVSS 6.5): There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or…
- CVE-2023-25648 — Medium (CVSS 6.5): There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an…
- CVE-2023-41780 — Medium (CVSS 6.4): There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the program failed to adequately validate…
- CVE-2024-22062 — Medium (CVSS 6.3): There is a permissions and access control vulnerability in ZXCLOUD IRAI.An attacker can elevate non-administrator…
All CVEs affecting Zte Zxcloud Irai →
Other CWE-134 vulnerabilities
- CVE-2012-1851 — Critical (CVSS 10.0): Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,…
- CVE-2012-0242 — Critical (CVSS 10.0): Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary…
- CVE-2011-2475 — Critical (CVSS 10.0): Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server…
- CVE-2011-1568 — Critical (CVSS 10.0): Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and…
- CVE-2010-4235 — Critical (CVSS 10.0): Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server…
- CVE-2011-0270 — Critical (CVSS 10.0): Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows…