Description
Vulnerability of improper criterion security check in the card module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2026-02-06
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Potential confidentiality breach
Action: Assess Impact
AI Analysis

Impact

The vulnerability is an improper criterion security check in the card module of Huawei HarmonyOS. This flaw can lead to the unauthorized disclosure of service data and could allow an attacker to gain access to sensitive information managed by the card module. The weakness corresponds to improper access control and permission handling. It is a moderate security flaw, with a CVSS score of 5.9, and it threatens the confidentiality of the services that rely on the card module.

Affected Systems

Huawei HarmonyOS versions 5.1.0 and 6.0.0 are affected. The vulnerability was identified as affecting the card module present in these releases.

Risk and Exploitability

The CVSS score of 5.9 indicates moderate severity. The EPSS score of less than 1% suggests that exploitation is unlikely, and the vulnerability is not listed in the CISA KEV catalog. The attack vector likely involves interaction with the card module through local user actions or integration with services that use the module. Based on the description, it is inferred that an attacker must invoke card module functions to exploit the flaw; no direct remote exploitation is explicitly described. The primary risk is confidentiality loss rather than denial of service or privilege escalation.

Generated by OpenCVE AI on April 17, 2026 at 22:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Consult Huawei support and apply any available patch or firmware update that addresses the card module security check.
  • Restrict permissions for card module operations by applying strict access controls and the principle of least privilege.
  • Enable logging and audit trails for all card module activity to detect any unauthorized attempts to access service data.


Advisories

No advisories yet.

History

Fri, 17 Apr 2026 23:15:00 +0000

Type | Values Removed | Values Added
Title | | Improper Security Check in HarmonyOS Card Module Enabling Confidentiality Exposure

Mon, 09 Feb 2026 19:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | NVD-CWE-noinfo
CPEs | | cpe:2.3:o:huawei:harmonyos:5.1.0:*:*:*:*:*:*:*; cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*

Mon, 09 Feb 2026 11:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Huawei; Huawei harmonyos
Vendors & Products | | Huawei; Huawei harmonyos

Fri, 06 Feb 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Feb 2026 09:15:00 +0000

Type | Values Removed | Values Added
Description | | Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Weaknesses | | CWE-264
References | |
Metrics | | cvssV3_1: {'score': 5.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-02-06T16:30:36.520Z

Reserved: 2026-01-28T06:05:05.257Z

Link: CVE-2026-24931

Vulnrichment

Updated: 2026-02-06T16:30:30.548Z

NVD

Status: Analyzed

Published: 2026-02-06T09:15:51.623

Modified: 2026-02-09T19:12:23.180

Link: CVE-2026-24931

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T23:00:12Z
