Description
Permission control vulnerability in the HDC module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2026-02-06
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality Impact
Action: Assess Impact
AI Analysis

Impact

A permission control flaw in the HarmonyOS HDC module can allow an attacker to bypass service access restrictions and read protected data. The vulnerability is tied to permission handling, so once exploited, unauthorized users could gain confidential information. The impact is limited to confidentiality loss, with no evidence of code execution or denial of service.

Affected Systems

Huawei HarmonyOS version 6.0.0 on devices listed in the 2026‑02 consumer support bulletin, including smartphones, laptops, and wearables.

Risk and Exploitability

The CVSS score of 6.3 indicates moderate severity, yet the EPSS value of less than 1% shows a very low probability of exploitation. The flaw is not present in the CISA Known Exploited Vulnerabilities catalog, suggesting limited current use. The likely attack scenario involves local privilege escalation on the device, exploiting the incorrect permission checks within the HDC module to read protected services. Remote exploitation is not documented.

Generated by OpenCVE AI on April 17, 2026 at 22:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Review and apply the Huawei HarmonyOS firmware update referenced in the 2026‑02 support bulletin that addresses the HDC module flaw
  • Restrict applications and services to the minimum necessary permissions to prevent unintended access
  • Disable or remove unnecessary HDC services on the device if the vendor provides a configuration option
  • Monitor device logs for unusual permission escalation events to detect potential exploitation


Advisories

No advisories yet.

History

Fri, 17 Apr 2026 23:15:00 +0000

Type Values Removed Values Added
Title Permission Control Flaw in HarmonyOS HDC Module Allows Confidentiality Impact

Tue, 10 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*

Mon, 09 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
Vendors & Products Huawei
Huawei harmonyos

Fri, 06 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Feb 2026 08:45:00 +0000

Type Values Removed Values Added
Description Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Weaknesses CWE-264
References
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-02-06T16:37:04.946Z

Reserved: 2026-01-28T06:05:05.257Z

Link: CVE-2026-24923

Vulnrichment

Updated: 2026-02-06T16:36:57.333Z

NVD

Status: Analyzed

Published: 2026-02-06T09:15:50.873

Modified: 2026-02-10T18:10:30.623

Link: CVE-2026-24923

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T23:00:12Z

Weaknesses