Description
Race condition vulnerability in the notification service.
Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-04-13
Score: 1.9 Low
EPSS: < 1% Very Low
KEV: No
Impact: Availability Impact
Action: Apply Patch
AI Analysis

Impact

A race condition was identified within the notification service component of HarmonyOS. When multiple notification events are processed concurrently, the internal synchronization logic can fail, resulting in the service becoming unstable or crashing. This effectively prevents users from receiving or handling notifications, leading to a service‑level denial of service.

Affected Systems

The affected vendor is Huawei, with the HarmonyOS platform. No version range is provided in the advisory, meaning any installation that includes the notification service may be vulnerable.

Risk and Exploitability

The CVSS assessment assigns a value of 1.9, indicating low severity. Because the exploit probability metric is not supplied and the vulnerability is not listed in the national KEV catalog, there is no evidence of active exploitation. The attack vector is inferred to be local—an attacker would need to provoke simultaneous notification events, possibly by installing a malicious application or by abusing the user interface to generate rapid notifications. Consequently, the threat is considered moderate, primarily due to the potential for repeated service interruptions rather than data compromise or widespread damage.

Generated by OpenCVE AI on April 13, 2026 at 05:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Review Huawei support bulletins for HarmonyOS updates and apply any available patch that addresses the notification service

Generated by OpenCVE AI on April 13, 2026 at 05:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 05:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:huawei:harmonyos:5.1.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*

Mon, 13 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Race Condition in HarmonyOS Notification Service Causes Service Instability

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
Vendors & Products Huawei
Huawei harmonyos

Mon, 13 Apr 2026 04:00:00 +0000

Type Values Removed Values Added
Description Race condition vulnerability in the notification service. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-362
References
Metrics cvssV3_1

{'score': 1.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-04-13T18:06:17.668Z

Reserved: 2026-03-31T01:11:13.700Z

Link: CVE-2026-34850

cve-icon Vulnrichment

Updated: 2026-04-13T17:57:55.710Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-13T04:16:07.767

Modified: 2026-04-16T05:05:25.157

Link: CVE-2026-34850

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:53:32Z

Weaknesses