CVE-2026-44410
Deferred Deferred - Pending Action
Business Logic Flaw in ZTE Product Allows Unauthorized Actions

Publication date: 2026-05-26

Last updated on: 2026-05-26

Assigner: ZTE Corporation

Description
This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-05-26
Generated
2026-06-15
AI Q&A
2026-05-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-44410
EUVD
EUVD-2026-31809
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1240 To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptographic implementation.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The vulnerability can lead to malicious attacks that may impact the integrity and availability of the affected system. Since the CVSS score indicates low confidentiality impact but low integrity and availability impact, attackers could potentially alter or disrupt system operations.

Executive Summary

This vulnerability is caused by a business logic flaw where attackers exploit legitimate application functions in ways that were not intended by the designers. By using these functions abnormally, attackers can carry out malicious attacks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44410. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart