Description
Identity authentication bypass vulnerability in the window module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2026-02-06
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Identity Authentication Bypass
Action: Assess Impact
AI Analysis

Impact

The vulnerability is an identity authentication bypass in the HarmonyOS window module. Successful exploitation may allow a malicious actor to bypass authentication controls and potentially compromise the confidentiality of the service. This flaw is identified as a leakage of information (CWE‑200).

Affected Systems

The affected product is Huawei HarmonyOS, specifically version 6.0.0. The CPE indicates that the flaw applies to the HarmonyOS operating system at that release.

Risk and Exploitability

The CVSS score of 5.9 indicates a moderate severity vulnerability. The EPSS score of less than 1% suggests a very low probability of exploitation. The vulnerability is not listed in CISA's KEV catalog. The attack vector is not explicitly described in the CVE, but the nature of the flaw—as an identity authentication bypass within the window module—implies that an attacker may need local access or user interaction on the device to exploit it. The primary impact is on service confidentiality.

Generated by OpenCVE AI on April 17, 2026 at 22:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official Huawei security patch for HarmonyOS 6.0.0 once released.
  • Restrict or disable the window module’s exposure to untrusted inputs through device configuration or security policies.
  • Continuously monitor device logs for suspicious authentication attempts or unauthorized access patterns.

Generated by OpenCVE AI on April 17, 2026 at 22:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 23:15:00 +0000

Type Values Removed Values Added
Title Identity Authentication Bypass in HarmonyOS Window Module

Tue, 10 Feb 2026 18:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*

Mon, 09 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
Vendors & Products Huawei
Huawei harmonyos

Fri, 06 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 06 Feb 2026 09:15:00 +0000

Type Values Removed Values Added
Description Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-02-06T16:29:10.620Z

Reserved: 2026-01-28T06:05:05.256Z

Link: CVE-2026-24916

cve-icon Vulnrichment

Updated: 2026-02-06T16:28:11.382Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-06T09:15:49.803

Modified: 2026-02-10T17:53:42.560

Link: CVE-2026-24916

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T23:00:12Z

Weaknesses