Description
Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-03-05
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Availability (Denial of Service)
Action: Apply Update
AI Analysis

Impact

A buffer overflow has been identified in the HarmonyOS scanning module. This fault can allow an attacker to corrupt memory during a scanning operation, potentially causing the scanner, and in the worst case the entire system, to crash or become unresponsive. The weakness aligns with CWE‑122 and is limited to a loss of availability rather than code execution or data compromise.

Affected Systems

The vulnerability affects Huawei HarmonyOS version 6.0.0. Devices running this build should be considered at risk until the issue is remedied.

Risk and Exploitability

The CVSS score of 5.9 indicates moderate severity. The EPSS score of less than 1% suggests that the chance of exploitation in the wild is low. HarmonyOS is not listed in the CISA KEV catalog. Exploitation would require the attacker to invoke the vulnerable scanning routine, which is likely to be executed locally by a user or a background service; no remote or network‑based attack vector is reported.

Generated by OpenCVE AI on April 16, 2026 at 12:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest HarmonyOS firmware update that fixes the scanning module buffer overflow.
  • If an update is unavailable, disable the scanning feature via device settings to avoid triggering the vulnerability.
  • Monitor device logs for abnormal scanning activity to detect any attempts to exploit the flaw.
  • Regularly check Huawei’s support portal for the most recent security advisories and patches.

Generated by OpenCVE AI on April 16, 2026 at 12:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in HarmonyOS Scanning Module Causing Availability Issues

Thu, 05 Mar 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
CPEs cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*
Vendors & Products Huawei
Huawei harmonyos

Thu, 05 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 05 Mar 2026 08:30:00 +0000

Type Values Removed Values Added
Description Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-122
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-03-05T15:40:33.542Z

Reserved: 2026-02-28T03:58:12.088Z

Link: CVE-2026-28546

cve-icon Vulnrichment

Updated: 2026-03-05T15:28:52.303Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-05T09:16:11.240

Modified: 2026-03-05T21:45:03.690

Link: CVE-2026-28546

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T12:30:06Z

Weaknesses