Description
Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2026-03-05
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Service confidentiality compromise
Action: Assess Impact
AI Analysis

Impact

The vulnerability involves improper handling of data within Huawei HarmonyOS’s certificate management module. If successfully exploited, it could compromise the confidentiality of services that rely on certificate processing, potentially exposing sensitive information managed by the system. No claim is made that an attacker can arbitrarily tamper with certificate data.

Affected Systems

The flaw affects Huawei HarmonyOS releases 5.1.0 and 6.0.0, as identified by the listed CPE entries. No other product families or builds are indicated as impacted.

Risk and Exploitability

The CVSS score of 6.2 indicates medium severity, while the EPSS score of < 1% indicates a very low likelihood of exploitation at present. The vulnerability is not listed in CISA’s KEV catalog, implying it has not been observed in large‑scale attacks. The attack vector is not explicitly described; it is inferred that a process or user capable of supplying custom data to the certificate management module could trigger the issue, possibly requiring elevated privileges or local system access. The overall risk profile therefore centers on specialized attackers who can influence certificate‑related data handling to compromise confidentiality.

Generated by OpenCVE AI on April 18, 2026 at 09:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest HarmonyOS firmware updates from Huawei as soon as a patch is released, ensuring the vulnerability is corrected.
  • Implement strict input validation and bounds checking on all data passed to the certificate management module to mitigate incorrect data processing.
  • If a patch is not yet available, consider disabling or restricting certificate handling features that are not essential to your device’s operation.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Certificate Management Data Processing Vulnerability Threatening Service Confidentiality |

Thu, 05 Mar 2026 21:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Huawei; Huawei harmonyos |
| Weaknesses | | NVD-CWE-noinfo |
| CPEs | | cpe:2.3:o:huawei:harmonyos:5.1.0:*:*:*:*:*:*:*; cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:* |
| Vendors & Products | | Huawei; Huawei harmonyos |

Thu, 05 Mar 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Thu, 05 Mar 2026 08:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Weaknesses | | CWE-19 |
| References | | |
| Metrics | | cvssV3_1 {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-03-05T15:40:56.388Z

Reserved: 2026-02-28T03:58:12.087Z

Link: CVE-2026-28539

Vulnrichment

Updated: 2026-03-05T15:29:00.561Z

NVD

Status: Analyzed

Published: 2026-03-05T08:15:58.670

Modified: 2026-03-05T21:38:35.517

Link: CVE-2026-28539

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T10:00:10Z

Weaknesses