CVE-2026-44406 PUBLISHED

DLL Hijacking Vulnerability in ZTE Cloud PC Client uSmartview

Assigner: zte
Reserved: 06.05.2026 Published: 07.05.2026 Updated: 07.05.2026

ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
CVSS Score: 5.7

Attack Vector	Local	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	ZTE
Product	ZXCLOUD iRAI
Versions	Default: unaffected Version ZXCLOUD-iRAI-ClientV7.2X is affected

Credits

Runzi Zhao, Feng Ye and Ziwei Wang finder

References

https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/8107253322107965601

Problem Types

CWE-427 Uncontrolled Search Path Element CWE

Impacts

CAPEC-471 Search Order Hijacking