Description
Stack overflow vulnerability in the media platform.
Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-04-13
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

The vulnerability is a stack overflow in the media platform component of Huawei HarmonyOS, classified as CWE‑835. An attacker who can provide malicious media content may overflow the stack, corrupt control data, and crash the media service. This results in a denial of service that disrupts system availability but does not grant arbitrary code execution or data disclosure.

Affected Systems

The affected systems are all Huawei devices running HarmonyOS that include the media platform. Because no specific firmware or software version is supplied, every HarmonyOS installation is potentially vulnerable until an update is applied.

Risk and Exploitability

The CVSS score of 6.1 indicates moderate severity. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, suggesting a low to moderate likelihood of widespread exploitation. The attack vector is inferred to involve delivery of malicious media locally or through network channels, but explicit details are not provided in the description.

Generated by OpenCVE AI on April 13, 2026 at 05:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official Huawei HarmonyOS patch as soon as it becomes available.
  • If a patch is not yet released, restrict or disable media platform functionality to prevent crashes.
  • Avoid opening or playing unknown media files from untrusted sources until a patch is applied.
  • Regularly check Huawei support pages and security bulletins for updates.

Generated by OpenCVE AI on April 13, 2026 at 05:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 05:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*

Mon, 13 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Stack Overflow in HarmonyOS Media Platform Causes Denial of Service

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
Vendors & Products Huawei
Huawei harmonyos

Mon, 13 Apr 2026 04:00:00 +0000

Type Values Removed Values Added
Description Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-835
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-04-13T18:06:17.414Z

Reserved: 2026-03-31T01:11:13.700Z

Link: CVE-2026-34852

cve-icon Vulnrichment

Updated: 2026-04-13T17:57:48.803Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-13T04:16:11.727

Modified: 2026-04-16T04:54:38.750

Link: CVE-2026-34852

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:53:29Z

Weaknesses