Description
Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2026-03-05
Score: 4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality breach via out-of-bounds read
Action: Apply patch
AI Analysis

Impact

The vulnerability is an out-of-bounds character read in the Bluetooth subsystem of Huawei's HarmonyOS. If successfully exploited, it allows a nearby attacker to read memory contents beyond the intended bounds, potentially exposing sensitive data. The weakness is categorized under CWE‑125 and CWE‑158; it does not provide code execution or denial of service, but it can compromise service confidentiality.

Affected Systems

Huawei HarmonyOS 5.1.0 and HarmonyOS 6.0.0 are affected across a range of consumer devices, including phones, laptops, vision devices, and wearables, as referenced by Huawei's consumer support bulletins. The vulnerability centers on the Bluetooth implementation shipped with these operating‑system releases.

Risk and Exploitability

The CVSS score of 4 indicates medium risk, while the EPSS score of less than 1% suggests a very low probability of active exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers would need to be within Bluetooth range of the target device, implying a local or proximity-based threat. Overall, the risk is low, but the confidentiality impact warrants timely resolution.

Generated by OpenCVE AI on April 16, 2026 at 12:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest HarmonyOS update that addresses the Bluetooth out‑of‑bounds read flaw.
  • If an update is not yet available, disable Bluetooth when not in use or limit its exposure to trusted devices.
  • Monitor Huawei's consumer support bulletins for future fixes and apply any subsequent security updates promptly.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 12:45:00 +0000

Type | Values Removed | Values Added
Title | | Out‑of‑Bounds Character Read in Bluetooth on Huawei HarmonyOS

Thu, 05 Mar 2026 21:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Huawei; Huawei harmonyos
Weaknesses | | CWE-125
CPEs | | cpe:2.3:o:huawei:harmonyos:5.1.0:*:*:*:*:*:*:*; cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*
Vendors & Products | | Huawei; Huawei harmonyos

Thu, 05 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 05 Mar 2026 08:15:00 +0000

Type | Values Removed | Values Added
Description | | Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Weaknesses | | CWE-158
References | |
Metrics | | cvssV3_1 {'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-03-05T15:40:50.887Z

Reserved: 2026-02-28T03:58:12.087Z

Link: CVE-2026-28540

Vulnrichment

Updated: 2026-03-05T15:28:58.298Z

NVD

Status: Analyzed

Published: 2026-03-05T08:15:58.833

Modified: 2026-03-05T21:39:02.117

Link: CVE-2026-28540

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T12:30:06Z

Weaknesses