Description
in OpenHarmony v6.0 and prior versions allow a local attacker to cause a DoS, and it cannot be recovered.
Published: 2026-05-19
Score: 8.4 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds write flaw in the kernel LiteOS‑a component of OpenHarmony enables a local attacker to crash the system. Because the vulnerability causes a denial of service that cannot be recovered without a reboot, it directly impacts system availability. The weakness corresponds to CWE‑787, which is an out‑of‑bounds write vulnerability.

Affected Systems

The advisory lists OpenHarmony as both the affected vendor and the affected product. The affected releases are OpenHarmony v6.0 and prior versions; the flaw is in the kernel LiteOS‑a component. No additional product or version scope is supplied by the CNA.

Risk and Exploitability

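The CVSS base score of 8.4 rates the vulnerability as high severity. No EPSS score is provided, so the likelihood of exploitation is currently unknown. The vulnerability is not listed in the CISA KEV catalog, indicating no confirmed widespread exploitation to date. The published vector (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N) places the attacker in a local context with low privileges and no user interaction. The same vector rates confidentiality and integrity impact as high and availability impact as none, while the description reports only an unrecoverable denial of service, so the scored impact and the described impact do not match and triage should account for both. As described, successful exploitation will likely result in an unrecoverable system crash, necessitating a reboot and potentially causing downtime for any services running on the impacted device.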

Generated by OpenCVE AI on May 19, 2026 at 04:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Follow the OpenHarmony security advisory referenced in the CVE report and apply any available kernel LiteOS‑a fixes as listed by the vendor.
  • Upgrade to an OpenHarmony release newer than 6.0 once a patch is made available.
  • Limit local user privileges and enforce least‑privilege principles to reduce the attack surface for local exploitation.


Advisories

No advisories yet.

History

Tue, 19 May 2026 04:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | - | Openharmony; Openharmony openharmony
Vendors & Products | - | Openharmony; Openharmony openharmony

Tue, 19 May 2026 03:30:00 +0000

Type | Values Removed | Values Added
Description | - | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.
Title | - | kernel_liteos_a has an out-of-bounds write vulnerability
Weaknesses | - | CWE-787
References | - |
Metrics | - | cvssV3_1: {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: OpenHarmony

Published:

Updated: 2026-05-19T03:08:30.498Z

Reserved: 2026-04-07T08:39:23.548Z

Link: CVE-2026-25781

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-19T04:16:28.280

Modified: 2026-05-19T04:16:28.280

Link: CVE-2026-25781

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-19T04:30:25Z
