Description
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-03-05
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Availability disruption via permission bypass
Action: Apply Update
AI Analysis

Impact

The vulnerability is a permission bypass in the system service framework of Huawei EMUI and HarmonyOS. If exploited, it can lead to device availability issues by causing system services to fail or restart, thereby degrading user functionality.

Affected Systems

The flaw affects Huawei EMUI versions 13.0.0, 14.0.0, and 14.2.0, as well as HarmonyOS versions 3.1.0, 4.0.0, and 4.2.0, as identified by the listed CPE strings.

Risk and Exploitability

The CVSS score of 7.3 indicates moderate to high severity. The EPSS score is recorded as less than 1 %, implying a low likelihood of exploitation in the wild. The vulnerability is not included in the CISA KEV catalog. The description implies that the attack vector requires a malicious application or process with elevated permissions to bypass the system service framework checks, limiting the exploitation surface to local or privileged contexts.

Generated by OpenCVE AI on April 17, 2026 at 12:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest firmware update from Huawei for EMUI or HarmonyOS that addresses this flaw.
  • Until an update is available, restrict the use of applications that request system‑level permissions and revoke any unnecessary elevated privileges.
  • Monitor device logs for abnormal restarts or failures of critical system services, and disable any services exhibiting persistent issues until the vulnerability is patched.

Generated by OpenCVE AI on April 17, 2026 at 12:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Title Permission bypass allowing availability disruption on Huawei devices

Thu, 05 Mar 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei emui
Huawei harmonyos
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:emui:14.0.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:emui:14.2.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:4.2.0:*:*:*:*:*:*:*
Vendors & Products Huawei
Huawei emui
Huawei harmonyos

Thu, 05 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 05 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Description Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-755
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L'}

Subscriptions

Huawei Emui Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-03-05T14:42:06.487Z

Reserved: 2026-02-28T03:58:12.088Z

Link: CVE-2026-28542

cve-icon Vulnrichment

Updated: 2026-03-05T14:42:03.143Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-05T09:16:11.070

Modified: 2026-03-05T21:41:37.287

Link: CVE-2026-28542

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T13:00:11Z

Weaknesses