Description
UAF vulnerability in the communication module.
Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-04-13
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Availability disruption
Action: Update Patch
AI Analysis

Impact

The flaw is a use‑after‑free (CWE‑362) located in the communication module of Huawei HarmonyOS. When an attacker can trigger the fault, the system may crash or otherwise stop responding, resulting in a denial of service. The vendor specifically notes that successful exploitation may affect availability, indicating that the primary consequence is interruption rather than data compromise.

Affected Systems

Huawei HarmonyOS is the known affected product family. No specific version numbers are listed in the advisory, so any device or application running an unspecified HarmonyOS build could be vulnerable.

Risk and Exploitability

The CVSS base score of 4.7 reflects moderate severity, and the vulnerability is not listed in the CISA KEV catalog. EPSS data is not available, so the exact likelihood of exploitation is indeterminate. Based on the description, it is inferred that the attack vector could be local if the communication module is exposed through a user‑controlled interface, or remote if the module is reachable over a network. The risk is moderate, but the impact on availability can be significant, especially for critical services.

Generated by OpenCVE AI on April 13, 2026 at 06:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the device’s HarmonyOS version against the vendor’s bulletin links to confirm whether it is affected.
  • Apply the latest HarmonyOS patch or firmware update that addresses the communication module flaw as soon as it becomes available.
  • If no patch is yet released, monitor the device for service disruptions and consider restricting network access or isolating the device from critical infrastructure until a fix is issued.

Generated by OpenCVE AI on April 13, 2026 at 06:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free Vulnerability in HarmonyOS Communication Module Causing Availability Issues

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
Vendors & Products Huawei
Huawei harmonyos

Mon, 13 Apr 2026 05:15:00 +0000

Type Values Removed Values Added
Description UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-362
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-04-13T14:49:42.067Z

Reserved: 2026-03-31T01:11:13.701Z

Link: CVE-2026-34857

cve-icon Vulnrichment

Updated: 2026-04-13T14:49:38.808Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-04-13T05:16:03.520

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-34857

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:53:19Z

Weaknesses