Description
AiAssistant is affected by type privilege bypass; successful exploitation of this vulnerability may affect service availability.
Published: 2026-04-21
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Based on the description, it is inferred that AiAssistant has a privilege bypass vulnerability that could allow attackers to gain higher privileges and potentially disrupt service availability. The vulnerability is categorized as a type privilege bypass, indicating that normal access controls can be subverted. The available information does not specify the exact mechanism or the extent of privileges that can be gained. Successful exploitation could affect the availability of the AiAssistant service, but there is no explicit evidence that it allows execution of privileged code or manipulation of the system state.

Affected Systems

The vulnerability affects Honor’s AiAssistant product. No specific version information is disclosed, so all iterations of AiAssistant that have not been patched are potentially vulnerable.

Risk and Exploitability

The CVSS base score of 7.8 signifies a substantial risk level, while the EPSS score of less than 1% indicates a low probability of exploitation at present. The CVSS 3.1 vector recorded for this entry, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, rates the attack vector as local, with low attack complexity, low privileges required and no user interaction. The vulnerability is not cataloged in the CISA KEV list. Based on the description, it is inferred that the privilege bypass could allow an attacker to elevate privileges either locally or remotely by exploiting weaknesses in authentication or authorization controls. The likely attack vector is an unauthorized user who can gain higher privileges, potentially disrupting the AiAssistant service.

Generated by OpenCVE AI on May 10, 2026 at 23:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any publicly released Honor AiAssistant update that addresses the privilege bypass flaw.
  • Restrict the number of users with administrative privileges and enforce least privilege to reduce the impact of a potential privilege escalation.
  • Monitor system logs for signs of unauthorized privilege escalation attempts and enable alerting on suspicious activity.



Advisories

No advisories yet.

History

Sun, 10 May 2026 22:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-264

Sun, 10 May 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269

Wed, 22 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Honor
Honor aiassistant
Vendors & Products Honor
Honor aiassistant

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-264

Tue, 21 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 21 Apr 2026 07:15:00 +0000

Type Values Removed Values Added
Description AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.
Title Privilege Bypass in AiAssistant
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Honor

Published:

Updated: 2026-05-10T19:58:19.405Z

Reserved: 2026-03-09T03:44:51.358Z

Link: CVE-2026-31368

Vulnrichment

Updated: 2026-04-21T13:23:53.188Z

NVD

Status: Deferred

Published: 2026-04-21T07:16:07.923

Modified: 2026-05-10T20:16:27.510

Link: CVE-2026-31368

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T00:00:06Z
