CVE-2026-44406 MEDIUM

CVE-2026-44406: DLL Hijacking Vulnerability in ZTE Cloud PC Client uSmartview

Vendor Zte
Product ZXCLOUD iRAI
Weakness CWE-427
Published May 7, 2026
Last update May 7, 2026

CVSS base score

5.7/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

What the vulnerability does

01Description

ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.

Key dates

02Disclosure timeline

May 7, 2026 CVE published
May 7, 2026 Record updated