Description
Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2026-03-05
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality breach
Action: Immediate Patch
AI Analysis

Impact

The vulnerability stems from improper verification in Huawei's email application, resulting in a potential confidentiality breach. An attacker that succeeds at exploiting this flaw could read or exfiltrate email content or possibly gain unauthorized access to data stored in the application. The flaw is identified as CWE‑269, an improper privilege management weakness that may allow privileged operations to be performed without the expected checks.

Affected Systems

Affected are Huawei devices running EMUI 12.0.0 through 14.2.0, as well as HarmonyOS 2.0.0 through 4.2.0, according to the list of affected CPEs. These include all commercial smartphones, tablets, and other consumer devices that ship with the specified OS versions.

Risk and Exploitability

The CVSS score of 7.1 indicates a moderate to high severity risk, while the EPSS score of less than 1% suggests a low likelihood of exploitation by threat actors at this time. Huawei has not listed the vulnerability in the CISA KEV catalog, implying that no widespread exploitation has been reported. Attackers would need to trigger the email verification flaw, likely from a malicious email or via a local compromise of the device, to read confidential data, so the risk is limited to users who use the affected email application.

Generated by OpenCVE AI on April 16, 2026 at 12:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the firmware update released by Huawei in the March 2026 support bulletin, which patches the email verification flaw in EMUI and HarmonyOS.
  • If a firmware update is not immediately available or applicable, uninstall or disable the email application until a patch is applied.
  • Monitor device logs and user activity for unauthorized email access or abnormal email behavior.

Generated by OpenCVE AI on April 16, 2026 at 12:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
Title Email Application Verification Failure in Huawei EMUI/HarmonyOS Enables Data Exposure

Thu, 05 Mar 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei emui
Huawei harmonyos
CPEs cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:emui:14.0.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:emui:14.2.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:4.2.0:*:*:*:*:*:*:*
Vendors & Products Huawei
Huawei emui
Huawei harmonyos

Thu, 05 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 05 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Description Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Weaknesses CWE-269
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}

Subscriptions

Huawei Emui Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-03-05T14:51:18.646Z

Reserved: 2026-02-28T03:58:12.088Z

Link: CVE-2026-28548

cve-icon Vulnrichment

Updated: 2026-03-05T14:51:14.376Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-05T09:16:11.563

Modified: 2026-03-05T21:44:10.627

Link: CVE-2026-28548

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T12:30:06Z

Weaknesses