CVE-2026-40436
Published: 13 April 2026
Summary
CVE-2026-40436 is a high-severity an unspecified weakness vulnerability in Zte Zxedm Iems. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 10.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly enforces approved authorizations to prevent unauthorized access to the user list acquisition interface in the cloud EMS portal.
Applies least privilege to restrict low-privileged users from accessing sensitive user list and password reset functions.
Manages system accounts to authorize and control access to user management functions including user list retrieval and password resets.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability in public-facing cloud EMS portal enables exploitation of public-facing application (T1190) for unauthorized cloud account discovery via user list (T1087.004) and account manipulation through password resets (T1098).
NVD Description
The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the…
more
user list interface. Attackers can reset the passwords of obtained user information, causing risks such as unauthorized operations.
Deeper analysisAI
CVE-2026-40436 is a password reset vulnerability in the ZTE ZXEDM iEMS product, specifically affecting the cloud EMS portal's user management functions. The issue stems from inadequate access controls on the user list acquisition interface, allowing unauthorized reading of the full user list. With this information, attackers can subsequently reset passwords for any user, potentially enabling unauthorized operations on the system.
Exploitation requires network access, low privileges (PR:L), high attack complexity (AC:H), and user interaction (UI:R), with no change in scope (S:U). A low-privileged user could leverage the exposed user list endpoint to enumerate all accounts and initiate password resets, achieving high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), as scored at CVSS 7.1 (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). This could lead to full compromise of affected accounts and broader system control.
ZTE has published a security bulletin addressing this vulnerability at https://support.zte.com.cn/zte-iccp-isupport-webui/support/bulletin/security?lang=en_US&t=0.7465962531829456.
Details
- CWE(s)