Description
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
Published: 2026-05-19
Score: 3.3 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from improper input validation in the filemanagement_storage_service component of OpenHarmony. A local attacker can supply malformed input that causes the service to crash or become unresponsive, resulting in a denial of service for users of the affected device. The weakness corresponds to CWE‑20 and demonstrates how inadequate input checks can destabilize critical system components.

Affected Systems

OpenHarmony operating system version 6.0 and earlier are impacted. The vulnerability is present in the filemanagement_storage_service module that is part of the core OS. Users operating these releases on devices that allow local code execution or local user account privileges may be affected.

Risk and Exploitability

The CVSS v3.1 base score is 3.3, indicating low severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, so current exploitation risk is moderate. Because the attack requires local privileges and the impact is a denial of service, administrators should consider it a low‑to‑moderate risk that can disrupt normal operation if a compromised local user exists.

Generated by OpenCVE AI on May 19, 2026 at 04:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest OpenHarmony release that contains the filemanagement_storage_service fix.
  • Restrict local user permissions so that non‑privileged accounts cannot invoke the filemanagement service.
  • Monitor system logs and service status for unexpected crashes or recoveries to detect potential exploitation early.

Generated by OpenCVE AI on May 19, 2026 at 04:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 19 May 2026 04:45:00 +0000

Type Values Removed Values Added
First Time appeared Openharmony
Openharmony openharmony
Vendors & Products Openharmony
Openharmony openharmony

Tue, 19 May 2026 03:30:00 +0000

Type Values Removed Values Added
Description in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
Title filemanagement_storage_service has an improper input validation vulnerability
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

Openharmony Openharmony
cve-icon MITRE

Status: PUBLISHED

Assigner: OpenHarmony

Published:

Updated: 2026-05-19T02:59:07.074Z

Reserved: 2026-03-03T06:43:20.259Z

Link: CVE-2026-28751

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-19T04:16:31.053

Modified: 2026-05-19T04:16:31.053

Link: CVE-2026-28751

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-19T04:30:25Z

Weaknesses