Description
UAF vulnerability in the communication module.
Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-04-13
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Availability disruption due to use‑after‑free in the communication module
Action: Immediate Patch
AI Analysis

Impact

This vulnerability is a use‑after‑free condition in the HarmonyOS communication module. The module does not manage object lifetimes properly, which allows an attacker to corrupt memory after the object has been freed. The failure can cause the system or an affected application to crash or restart, resulting in a loss of availability for the device or user.

Affected Systems

All Huawei HarmonyOS devices referenced in the consumer service bulletins published in April 2026 are affected. No specific device models or operating‑system versions were listed in the advisory, so all releases covered by that bulletin should be assumed vulnerable until a patch is applied.

Risk and Exploitability

The CVSS base score of 7.3 points to a high‑severity flaw. Exploitation requires an attacker to deliver specially crafted input that triggers the use‑after‑free; the specific transport mechanism is unspecified, but it is likely tied to network or inter‑process communication. No EPSS score is available and the vulnerability is not in CISA’s KEV catalog, which suggests it may not yet be widely exploited in the wild. Nevertheless, because the flaw can lead to a denial of service, the risk is significant to users who depend on continuous operation of the device.

Generated by OpenCVE AI on April 13, 2026 at 05:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the HarmonyOS security update released by Huawei in the April 2026 consumer service bulletin.
  • Reboot the device after applying the update to ensure the memory management changes take effect.
  • Verify the device is running the patched firmware version before resuming normal use.

Generated by OpenCVE AI on April 13, 2026 at 05:20 UTC.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 05:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | | `cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*` |

Mon, 13 Apr 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


Mon, 13 Apr 2026 14:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Use‑After‑Free in Huawei HarmonyOS Communication Module Leading to Availability Disruption |

Mon, 13 Apr 2026 13:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Huawei; Huawei harmonyos |
| Vendors & Products | | Huawei; Huawei harmonyos |

Mon, 13 Apr 2026 04:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. |
| Weaknesses | | CWE-362 |
| References | | |
| Metrics | | cvssV3_1: `{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H'}` |


MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-04-13T15:01:46.396Z

Reserved: 2026-03-31T01:11:13.701Z

Link: CVE-2026-34856

Vulnrichment

Updated: 2026-04-13T15:01:42.596Z

NVD

Status: Analyzed

Published: 2026-04-13T04:16:12.437

Modified: 2026-04-16T04:47:27.467

Link: CVE-2026-34856

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T12:53:24Z

Weaknesses