CVE-2026-40002 MEDIUM

CVE-2026-40002: ZTE Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations.

Vendor Zte
Product Red Magic 11 Pro (NX809J)
Weakness CWE-269
Published April 17, 2026
Last update April 17, 2026
View on NVD All CVEs

CVSS base score

5.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for applications accessing the service interface. Exploiting this vulnerability, an attacker can write files to specific partitions and set writable system properties.

Key dates

02Disclosure timeline

April 17, 2026 CVE published
April 17, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-8424 WatchGuard Endpoint Protection Privilege Escalation in PSANHost Enables Arbitrary File Delete as SYSTEM CVE-2026-4314 The Ultimate WordPress Toolkit – WP Extended <= 3.2.4 - Authenticated (Subscriber+) Privilege Escalation via Menu Editor Module CVE-2020-8258 CVE-2024-52336 Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root CVE-2024-33552 WordPress XStore Core plugin <= 5.3.8 - Unauthenticated Account Takeover vulnerability