Description
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause information disclosure through improper input. This vulnerability can be exploited only in restricted scenarios.
Published: 2026-03-16
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure (Local)
Action: Assess Impact
AI Analysis

Impact

The vulnerability is an improper input validation flaw in OpenHarmony's IPC communication module. It allows a local attacker to provide malformed data that can potentially expose internal information or cause unintended application behavior. This weakness is categorized as CWE-20 and does not enable remote code execution or privilege escalation.

Affected Systems

Affected vendors and products are OpenHarmony, specifically the OpenHarmony operating system. Versions v5.0.3 and all earlier releases are impacted. The Common Platform Enumeration string confirms the affected product as cpe:2.3:o:openatom:openharmony:5.0.3:*:*:*:-:*:*:*.

Risk and Exploitability

The CVSS score is 3.3, indicating low severity. The EPSS score is less than 1%, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, suggesting that exploitation is unlikely. Exploitation requires local access and is possible only in restricted scenarios. Attackers would need to run code or send crafted IPC messages from a trusted local process to trigger the flaw.

Generated by OpenCVE AI on March 17, 2026 at 21:41 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Check the vendor's website or security advisories for an update that addresses this issue.
  • Limit IPC interactions to trusted or signed applications and remove unnecessary IPC routes.
  • Monitor system logs for abnormal IPC activity and apply local isolation such as containerization to reduce the attack surface.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 20:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Openatom; Openatom openharmony
CPEs | | cpe:2.3:o:openatom:openharmony:5.0.3:*:*:*:-:*:*:*
Vendors & Products | | Openatom; Openatom openharmony

Tue, 17 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Openharmony; Openharmony openharmony
Vendors & Products | | Openharmony; Openharmony openharmony

Mon, 16 Mar 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 07:30:00 +0000

Type | Values Removed | Values Added
Description | | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information improper input. This vulnerability can be exploited only in restricted scenarios.
Title | | communication_ipc an improper input validation vulnerability
Weaknesses | | CWE-20
References | |
Metrics | | cvssV3_1: {'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

MITRE

Status: PUBLISHED

Assigner: OpenHarmony

Published:

Updated: 2026-03-16T17:23:18.511Z

Reserved: 2025-03-02T07:20:06.749Z

Link: CVE-2025-26474

Vulnrichment

Updated: 2026-03-16T17:23:14.227Z

NVD

Status: Analyzed

Published: 2026-03-16T14:17:57.253

Modified: 2026-03-17T19:57:02.993

Link: CVE-2025-26474

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:45:31Z