Description
Out-of-bounds write vulnerability in the file system module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2026-02-06
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Potential data corruption and confidentiality compromise
Action: Update Firmware
AI Analysis

Impact

Based on the description, it is inferred that the vulnerability is an out‑of‑bounds write in the file system module that can corrupt files or overwrite memory. The impact is limited to data confidentiality and potential data integrity loss; an attacker who can supply crafted input could cause unintended data leakage or system corruption.

Affected Systems

Huawei EMUI 14.2.0 and HarmonyOS 4.2.0 are affected by this vulnerability.

Risk and Exploitability

The CVSS score of 5.8 indicates a moderate risk. The EPSS score of less than 1% suggests that exploitation is unlikely but not impossible, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that exploitation would require delivering a malicious file or directory that the system processes, either locally or through a feature that accepts external inputs.

Generated by OpenCVE AI on April 18, 2026 at 13:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official firmware update released by Huawei for EMUI 14.2.0 or HarmonyOS 4.2.0
  • Avoid processing or uploading untrusted files until the update is applied
  • If possible, temporarily disable or restrict file‑system write operations that are not essential to device operation
  • Check Huawei’s support portal regularly for additional advisories or patches

Generated by OpenCVE AI on April 18, 2026 at 13:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Write Vulnerability in Huawei EMUI and HarmonyOS File System Module

Mon, 09 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CPEs cpe:2.3:o:huawei:emui:14.2.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:4.2.0:*:*:*:*:*:*:*

Mon, 09 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei emui
Huawei harmonyos
Vendors & Products Huawei
Huawei emui
Huawei harmonyos

Fri, 06 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 06 Feb 2026 09:30:00 +0000

Type Values Removed Values Added
Description Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Weaknesses CWE-680
References
Metrics cvssV3_1

{'score': 5.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L'}

Subscriptions

Huawei Emui Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-02-06T16:04:47.862Z

Reserved: 2026-01-28T06:05:05.257Z

Link: CVE-2026-24928

cve-icon Vulnrichment

Updated: 2026-02-06T16:04:40.459Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-06T10:16:07.820

Modified: 2026-02-09T19:13:29.427

Link: CVE-2026-24928

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T13:45:45Z

Weaknesses