CVE-2026-40001

Description

There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traversal bypass.

CVSS Details

CVSS Score

5.2

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Configurations (Affected Products)

No configuration data available.

ZTE 云计算机客户端 (具体受影响版本请参考官方公告)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# Proof of Concept for CVE-2026-40001
# This is a conceptual demonstration of the Path Traversal vulnerability in ZTE PROCESS Guard.

import os

def trigger_vulnerability():
    # The vulnerable service often runs with SYSTEM privileges.
    # We attempt to write a file to a restricted directory using path traversal.
    
    malicious_file = "exploit.dll"
    # Path traversal payload to escape the intended directory
    traversal_payload = "..\\..\\..\\Windows\\System32\\" + malicious_file
    
    print(f"[*] Attempting to write to: {traversal_payload}")
    
    # Simulation of the vulnerable API call
    # In a real scenario, this would involve interacting with the service's named pipe or RPC interface.
    try:
        # hypothetical_vulnerable_function(traversal_payload, b"MALICIOUS_CODE")
        print("[+] Payload sent. If the service is vulnerable, code execution may occur.")
    except Exception as e:
        print(f"[-] Error: {e}")

if __name__ == "__main__":
    trigger_vulnerability()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-40001
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-40001
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-40001/
[4] VulDB https://vuldb.com/cve/CVE-2026-40001
[5] https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1477954674427011121

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-40001", "sourceIdentifier": "[email protected]", "published": "2026-05-06T10:16:19.950", "lastModified": "2026-05-07T14:56:04.523", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traversal bypass."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "baseScore": 5.2, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.0, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-269"}]}], "references": [{"url": "https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/1477954674427011121", "source": "[email protected]"}]}}