Description
Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-03-05
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Availability (Denial of Service)
Action: Patch
AI Analysis

Impact

The vulnerability is a double free in the window module of Huawei HarmonyOS. This coding error may lead to memory corruption and potentially cause the window service to crash, thereby denying service to users. The flaw is classified as CWE-415, indicating a memory management issue, and no evidence suggests it results in code execution or data exposure.

Affected Systems

The affected vendor and product are Huawei HarmonyOS, specifically version 6.0.0 as indicated by the CPE string. No other versions are listed as affected.

Risk and Exploitability

The CVSS score of 5.1 reflects moderate severity, and an EPSS score of less than 1% indicates a low probability of exploitation. The vulnerability is not present in CISA's Known Exploited Vulnerabilities catalog. The attack vector is not explicitly provided in the CVE data; based on the nature of a double free, it is inferred that exploitation would require interaction with the window module, perhaps through a local user or privileged process, and would mainly result in a crash that disrupts availability.

Generated by OpenCVE AI on April 16, 2026 at 12:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Huawei’s support portal for an update that addresses the double free in the HarmonyOS window module and install it as soon as it becomes available.
  • If no update is available yet, restrict the use of applications or processes that trigger the vulnerable window module until a fix is released.
  • Monitor device logs for crashes or abnormal behavior in the window module and report any incidents to Huawei support to assist in issue resolution.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 13:00:00 +0000

Type | Values Removed | Values Added
Title | | Double free in HarmonyOS window module may cause denial of service

Thu, 05 Mar 2026 22:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Huawei; Huawei harmonyos
CPEs | | cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*
Vendors & Products | | Huawei; Huawei harmonyos

Thu, 05 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 05 Mar 2026 07:45:00 +0000

Type | Values Removed | Values Added
Description | | Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses | | CWE-415
References | |
Metrics | | cvssV3_1: {'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-03-05T15:16:06.687Z

Reserved: 2026-02-28T03:58:12.087Z

Link: CVE-2026-28537

Vulnrichment

Updated: 2026-03-05T15:16:01.653Z

NVD

Status: Analyzed

Published: 2026-03-05T08:15:58.347

Modified: 2026-03-05T21:57:45.510

Link: CVE-2026-28537

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T12:45:35Z
