What is CVE-2026-44409?

CVE-2026-44409 is a medium-severity vulnerability in Zte Mu5250, classified under Information Disclosure. CVSS score: 5.7/10. Published 2026-05-22.

How severe is CVE-2026-44409?

Medium severity. CVSS v3 base score is 5.7 out of 10.

Auth bypass in Zte Mu5250

CVE-2026-44409

There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk of information disclosure.

Vulnerability class: Information Disclosure

EPSS: 0.000 (14.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.7 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Zte Mu5250 — versions BD_FLYMODEMMU5250V1.0.0B27
Zte Mu5250_firmware — versions 1.0.0b27

Weakness classification (CWE)

CWE-200 — Information Disclosure
CWE-862 — Missing Authorization

References

psirt@zte.com.cn (Vendor Advisory)

Frequently asked questions

What is CVE-2026-44409?: CVE-2026-44409 is a medium-severity vulnerability in Zte Mu5250, classified under Information Disclosure. CVSS score: 5.7/10. Published 2026-05-22.
How severe is CVE-2026-44409?: Medium severity. CVSS v3 base score is 5.7 out of 10.