Vulnerability in Zte Zxedm Iems
CVE-2026-40436
The ZTE ZXEDM iEMS product has a password reset vulnerability for any user. Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information…
EPSS: 0.000 (11.9th percentile)
CVSS v3 metric
CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Zte Zxedm Iems — versions ElasticNet_UME_R32_V16.25.42.04
- Zte Zxedm_iems — versions 16.25.42.04
- Zte Zxesm_iems — versions 16.25.42.04
References
- psirt@zte.com.cn (Vendor Advisory)
Frequently asked questions
- What is CVE-2026-40436?
- CVE-2026-40436 is a high-severity vulnerability in Zte Zxedm Iems. CVSS score: 7.1/10. Published 2026-04-13.
- How severe is CVE-2026-40436?
- High severity. CVSS v3 base score is 7.1 out of 10.