Description
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
Published: 2026-05-19
Score: 3.3 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenHarmony v6.0 and earlier contain an integer overflow in the kernel liteos a component, which allows a local attacker to trigger a denial‑of‑service condition. The weakness is identified as CWE‑190 (Integer Overflow or Wraparound). The impact is restricted to local hosts that can directly interact with the vulnerable kernel facilities; there is no evidence of remote exploitation or privilege escalation in the provided data.

Affected Systems

The affected system is OpenHarmony OpenHarmony, specifically versions 6.0 and earlier. No additional product or vendor variations are noted.

Risk and Exploitability

The CVSS score of 3.3 classifies this vulnerability as low severity, and there is no EPSS data available. The vulnerability is not listed in the CISA KEV catalog, indicating low exploitation likelihood. Based solely on the description, the attack vector appears to be local; a compromise in the local environment is required to execute the integer overflow and cause a denial‑of‑service.

Generated by OpenCVE AI on May 19, 2026 at 04:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the OpenHarmony vendor website or release notes for a version that includes a fix for the kernel integer overflow.
  • Upgrade the affected OpenHarmony installation to a version newer than 6.0 that removes the vulnerability.
  • Apply system hardening measures to limit local attacker privileges, such as disabling unnecessary services and enforcing the principle of least privilege.

Generated by OpenCVE AI on May 19, 2026 at 04:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 19 May 2026 04:45:00 +0000

Type Values Removed Values Added
First Time appeared Openharmony
Openharmony openharmony
Vendors & Products Openharmony
Openharmony openharmony

Tue, 19 May 2026 03:30:00 +0000

Type Values Removed Values Added
Description in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
Title kernel_liteos_a has an integer overflow vulnerability
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

Openharmony Openharmony
cve-icon MITRE

Status: PUBLISHED

Assigner: OpenHarmony

Published:

Updated: 2026-05-19T02:59:03.757Z

Reserved: 2026-03-03T06:43:20.251Z

Link: CVE-2026-27781

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-19T04:16:28.833

Modified: 2026-05-19T04:16:28.833

Link: CVE-2026-27781

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-19T04:30:25Z

Weaknesses