CVE-2026-40002
Received Received - Intake

Privilege Escalation via Unvalidated Service Interface in Red Magic 11 Pro

Vulnerability report for CVE-2026-40002, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-17

Last updated on: 2026-04-17

Assigner: ZTE Corporation

Description

Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for applications accessing the service interface. Exploiting this vulnerability, an attacker can write files to specific partitions and set writable system properties.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-17
Last Modified
2026-04-17
Generated
2026-07-06
AI Q&A
2026-04-17
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
zte red_magic_11_pro nx809j

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The Red Magic 11 Pro (NX809J) has a vulnerability where non-privileged applications can trigger sensitive operations because the system does not properly validate which applications can access a certain service interface.

This flaw allows an attacker to write files to specific partitions and modify writable system properties, actions that should normally require higher privileges.

Impact Analysis

Exploiting this vulnerability could allow an attacker to write unauthorized files to important partitions and change system properties, potentially compromising system integrity and security.

Since the attacker only needs limited privileges to perform these actions, it increases the risk of unauthorized modifications and possible further exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40002. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart