CVE-2026-44410
Deferred Deferred - Pending Action

Business Logic Flaw in ZTE Product Allows Unauthorized Actions

Vulnerability report for CVE-2026-44410, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-26

Last updated on: 2026-05-26

Assigner: ZTE Corporation

Description

This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-26
Last Modified
2026-05-26
Generated
2026-07-06
AI Q&A
2026-05-26
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1240 To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptographic implementation.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is caused by a business logic flaw where attackers exploit legitimate application functions in ways that were not intended by the designers. By using these functions abnormally, attackers can carry out malicious attacks.

Impact Analysis

The vulnerability can lead to malicious attacks that may impact the integrity and availability of the affected system. Since the CVSS score indicates low confidentiality impact but low integrity and availability impact, attackers could potentially alter or disrupt system operations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44410. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart