CVE-2026-44406
DLL Hijacking in ZTE Cloud PC uSmartView Client
Publication date: 2026-05-07
Last updated on: 2026-05-07
Assigner: ZTE Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zte | cloud_pc_client | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability is a DLL hijacking issue in the ZTE Cloud PC client uSmartView. Specifically, the executable uSmartViewServiceAgent.exe runs with SYSTEM privileges, and due to the DLL hijacking vulnerability, an attacker can trick the system into loading a malicious DLL. This allows the attacker to execute arbitrary code locally with elevated privileges, potentially leading to privilege escalation and memory corruption.
How can this vulnerability impact me? :
This vulnerability can have serious impacts including local arbitrary code execution, which means an attacker can run malicious code on your system. Because the affected process runs with SYSTEM privileges, the attacker can escalate their privileges to the highest level on the system. This can lead to full control over the affected machine, unauthorized actions, and potential memory corruption that could destabilize the system.