CVE-2026-49002 CRITICAL

CVE-2026-49002: Broken Access Control Vulnerabily in ZTE ZXUniPOS NDS-LTE product

Vendor Zte
Product ZXUniPOS NDS-LTE
Weakness CWE-284
Published May 27, 2026
Last update May 28, 2026

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information.

Key dates

02Disclosure timeline

May 27, 2026 CVE published
May 28, 2026 Record updated