What is CVE-2026-44407?

CVE-2026-44407 is a medium-severity vulnerability in Zte Zxcloud Irai, classified under Use of Externally-Controlled Format String. CVSS score: 4.7/10. Published 2026-05-07.

How severe is CVE-2026-44407?

Medium severity. CVSS v3 base score is 4.7 out of 10.

Vulnerability in Zte Zxcloud Irai

CVE-2026-44407

A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.

EPSS: 0.000 (9.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.7 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Zte Zxcloud Irai — versions ZXCLOUD-iRAI-ClientV7.2X
Zte Zxcloud_irai

Weakness classification (CWE)

CWE-134 — Use of Externally-Controlled Format String

References

psirt@zte.com.cn (Vendor Advisory)

Frequently asked questions

What is CVE-2026-44407?: CVE-2026-44407 is a medium-severity vulnerability in Zte Zxcloud Irai, classified under Use of Externally-Controlled Format String. CVSS score: 4.7/10. Published 2026-05-07.
How severe is CVE-2026-44407?: Medium severity. CVSS v3 base score is 4.7 out of 10.