Description
OpenHarmony v5.1.0 and prior versions allow a local attacker to cause a DoS through improper input.
Published: 2026-03-16
Score: 5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (local)
Action: Immediate Patch
AI Analysis

Impact

In OpenHarmony versions 5.1.0 and earlier, the ability runtime component fails to properly validate input, allowing a local attacker to trigger a denial‑of‑service condition. This flaw is rooted in CWE‑20 (Improper Input Validation) and can cause the system or specific services to become unresponsive when malformed data is processed. The impact is confined to the local machine, where the attacker can disrupt availability of the operating system or critical applications.

Affected Systems

Affected products are OpenHarmony (OpenAtom) versions 5.0.3 and 5.1.0 (and any prior releases). The CNA identifies these as vulnerable, with the bug present in both tagged releases.

Risk and Exploitability

The CVSS score of 5 denotes moderate severity, while the EPSS score of less than 1% indicates a low probability of exploitation in the wild. The vulnerability has not been reported in CISA’s KEV catalog and appears to be exploitable only by an attacker with local access. Consequently, the overall risk is moderate, but the likelihood of real‑world exploitation remains low.

Generated by OpenCVE AI on March 17, 2026 at 22:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest OpenHarmony update (deployed after 5.1.0) or vendor patch to fix the input validation issue.
  • If an immediate update is unavailable, limit local user privileges and isolate the system from critical services until a patch can be applied.
  • Monitor system logs for abnormal activity that may signal attempts to abuse the vulnerability.


Advisories

No advisories yet.

History

Tue, 17 Mar 2026 20:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Openatom; Openatom openharmony
CPEs | | cpe:2.3:o:openatom:openharmony:5.0.3:*:*:*:-:*:*:*; cpe:2.3:o:openatom:openharmony:5.1.0:*:*:*:-:*:*:*
Vendors & Products | | Openatom; Openatom openharmony

Tue, 17 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Openharmony; Openharmony openharmony
Vendors & Products | | Openharmony; Openharmony openharmony

Mon, 16 Mar 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
Mon, 16 Mar 2026 07:30:00 +0000

Type | Values Removed | Values Added
Description | | OpenHarmony v5.1.0 and prior versions allow a local attacker to cause a DoS through improper input.
Title | | ability_ability_runtime an improper input validation vulnerability
Weaknesses | | CWE-20
References | |
Metrics | | cvssV3_1: {'score': 5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H'}

MITRE

Status: PUBLISHED

Assigner: OpenHarmony

Published:

Updated: 2026-03-16T17:21:51.294Z

Reserved: 2025-07-01T12:16:26.715Z

Link: CVE-2025-6969

Vulnrichment

Updated: 2026-03-16T17:20:15.782Z

NVD

Status: Analyzed

Published: 2026-03-16T14:18:02.277

Modified: 2026-03-17T19:59:42.463

Link: CVE-2025-6969

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:45:29Z
