Description
Permission bypass vulnerability in the LBS module.
Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-04-13
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Availability disruption through LBS permission bypass
Action: Apply Patch
AI Analysis

Impact

A permission bypass flaw exists in the Location-Based Services (LBS) module of Huawei products. The vulnerability enables an attacker to gain access to privileged functions or data that should be restricted. As a result, the attacker can potentially affect system availability by continuing to consume resources or triggering service disruptions. The weakness is classified as CWE‑270, indicating improper authorization control.

Affected Systems

The flaw impacts Huawei EMUI firmware and HarmonyOS operating systems. Specific version information is not listed; therefore, all current releases may be affected until a vendor patch is released.

Risk and Exploitability

The CVSS score of 7.7 places this vulnerability in the high‑severity range. EPSS data is unavailable, and the flaw is not yet reported in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is inferred to be local or remote if an attacker can trigger the LBS component, such as through a crafted request or malicious application. Given the high impact on availability and the absence of existing public exploits, organizations should treat this as a high‑risk issue.

Generated by OpenCVE AI on April 13, 2026 at 05:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Huawei consumer support bulletins for an official patch or update and apply it to affected EMUI and HarmonyOS devices
  • If a patch is not yet available, disable or restrict the use of Location-Based Services on the device
  • Apply the patch as soon as it becomes available to eliminate the permission bypass
  • Continuously monitor Huawei security advisories for updates on this vulnerability

Generated by OpenCVE AI on April 13, 2026 at 05:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 05:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:huawei:emui:14.0.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:emui:14.2.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:emui:15.0.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:4.2.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:4.3.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:4.3.1:*:*:*:*:*:*:*

Mon, 13 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei emui
Huawei harmonyos
Vendors & Products Huawei
Huawei emui
Huawei harmonyos

Mon, 13 Apr 2026 04:00:00 +0000

Type Values Removed Values Added
Description Permission bypass vulnerability in the LBS module. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-270
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H'}

Subscriptions

Huawei Emui Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-04-13T15:02:08.662Z

Reserved: 2026-03-31T01:11:13.700Z

Link: CVE-2026-34853

cve-icon Vulnrichment

Updated: 2026-04-13T15:02:04.681Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-13T04:16:12.217

Modified: 2026-04-16T04:52:02.930

Link: CVE-2026-34853

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:53:25Z

Weaknesses