Description
Out-of-bounds write vulnerability in the camera module.
Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-02-06
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Availability (Denial of Service)
Action: Patch Immediately
AI Analysis

Impact

The vulnerability is an out‑of‑bounds write in the camera module of Huawei HarmonyOS. Writing beyond the allocated buffer can corrupt adjacent memory, potentially causing the system to crash or behave unpredictably. The stated primary impact is availability, meaning the system may become unusable or require a reboot. No direct data disclosure or execution path is described, so the threat is limited to disruption rather than data compromise or code execution.

Affected Systems

The affected platform is Huawei HarmonyOS, specifically version 6.0.0 as identified by the CNA notes and the CPE string.

Risk and Exploitability

The flaw receives a CVSS score of 8.4, indicating a high severity. The EPSS score is less than 1 %, pointing to a low probability of exploitation in the current market, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is not explicitly detailed in the advisory; the flaw resides in the camera module, which could be accessed by local applications or system services that request camera use. Based on CVSS attributes, exploitation likely requires either local or at least privileged access to the device.

Generated by OpenCVE AI on April 17, 2026 at 22:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the HarmonyOS firmware update published in the 2026/2 support bulletin to patch the camera module flaw.
  • If a patch is not yet available, restrict camera permissions: deny camera access to non‑trusted applications and enforce strict privilege separation for services that rely on camera input.
  • Consider disabling the camera hardware or sandboxing camera processes until the official fix is deployed, thereby isolating the flaw from the rest of the system.

Generated by OpenCVE AI on April 17, 2026 at 22:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 23:15:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Write in HarmonyOS Camera Module

Tue, 10 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*

Mon, 09 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
Vendors & Products Huawei
Huawei harmonyos

Fri, 06 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 06 Feb 2026 08:30:00 +0000

Type Values Removed Values Added
Description Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-02-06T17:06:22.736Z

Reserved: 2026-01-28T06:05:05.257Z

Link: CVE-2026-24926

cve-icon Vulnrichment

Updated: 2026-02-06T17:06:13.796Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-06T09:15:51.170

Modified: 2026-02-10T18:12:03.213

Link: CVE-2026-24926

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T23:00:12Z

Weaknesses