Description
Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-03-05
Score: 4.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Availability
Action: Monitor
AI Analysis

Impact

A race condition exists in the HarmonyOS maintenance and diagnostics module that can lead to an interruption of service availability. Exploitation does not enable code execution, data disclosure, or privilege escalation; it primarily disrupts the normal functioning of the affected module.

Affected Systems

The vulnerability is present in Huawei HarmonyOS versions 5.1.0 and 6.0.0, which are used on a range of consumer devices, including smartphones, laptops, and wearables.

Risk and Exploitability

The CVSS score of 4.4 indicates a medium impact. The EPSS score of less than 1 % and lack of inclusion in the KEV catalog suggest a low probability of exploitation in the wild. The attack likely requires access to the maintenance and diagnostics functions, possibly through local or privileged remote interfaces, and would cause only a denial-of-service condition rather than more severe consequences.

Generated by OpenCVE AI on April 16, 2026 at 12:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest HarmonyOS firmware update provided by Huawei that addresses the race condition.
  • Contact Huawei support to confirm the availability of a patch or to request a remediation plan for the diagnostics module.
  • Limit access to the maintenance and diagnostics functionalities to authorized personnel only, enforcing least‑privilege controls and disabling unnecessary remote interfaces.

Generated by OpenCVE AI on April 16, 2026 at 12:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
Title Race Condition in HarmonyOS Diagnostics Module Causes Availability Issues

Thu, 05 Mar 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
CPEs cpe:2.3:o:huawei:harmonyos:5.1.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*
Vendors & Products Huawei
Huawei harmonyos

Thu, 05 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 05 Mar 2026 08:15:00 +0000

Type Values Removed Values Added
Description Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-362
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-03-05T15:40:39.086Z

Reserved: 2026-02-28T03:58:12.088Z

Link: CVE-2026-28543

cve-icon Vulnrichment

Updated: 2026-03-05T15:28:54.288Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-05T08:15:59.150

Modified: 2026-03-05T21:39:35.963

Link: CVE-2026-28543

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T12:30:06Z

Weaknesses