CVE-2026-49002 CRITICAL

CVE-2026-49002: Broken Access Control Vulnerabily in ZTE ZXUniPOS NDS-LTE product

Vendor Zte

Product ZXUniPOS NDS-LTE

Weakness CWE-284

Published May 27, 2026

Last update May 28, 2026

View on NVD All CVEs

CVSS base score

9.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information.

Key dates

02Disclosure timeline

May 27, 2026 CVE published

May 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-49002 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

Identifiers

CVE CVE-2026-49002

CWE CWE-284

CVSS 9.1 / CRITICAL

Affected versions