Description
UAF vulnerability in the communication module.
Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-04-13
Score: 4.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Availability Impact
Action: Monitor
AI Analysis

Impact

The vulnerability disclosed is a use‑after‑free condition located in the communication module of Huawei HarmonyOS. Successful exploitation may result in the loss of availability for the affected module or service. The weakness is identified as a race‑condition error (CWE‑362).

Affected Systems

Huawei HarmonyOS devices such as consumer phones, smart wearables, and other embedded systems running the HarmonyOS operating system are affected. The advisory does not list any specific product versions.

Risk and Exploitability

The CVSS score of 4.1 indicates a low to moderate risk with respect to availability impact. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. The exact attack vector is not specified; however, a use‑after‑free in a low‑level communication component generally requires either local input or the ability to send crafted messages to the device. Because no public exploit is documented, the current threat level is considered low, but monitoring for new developments remains prudent.

Generated by OpenCVE AI on April 13, 2026 at 06:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any firmware or OS patch released by Huawei for HarmonyOS when it becomes available.
  • If no patch is available, inhibit or restrict applications that interact directly with the communication module, if possible.
  • Monitor device logs for signs of anomalous behavior or crashes that could indicate exploitation attempts.
  • Keep the device firmware and OS updated to the latest supported versions and enable automatic updates whenever possible.

Generated by OpenCVE AI on April 13, 2026 at 06:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free in HarmonyOS Communication Module Impacting Availability

Mon, 13 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
Vendors & Products Huawei
Huawei harmonyos

Mon, 13 Apr 2026 05:15:00 +0000

Type Values Removed Values Added
Description UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-362
References
Metrics cvssV3_1

{'score': 4.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-04-13T13:28:06.171Z

Reserved: 2026-03-31T01:11:13.701Z

Link: CVE-2026-34858

cve-icon Vulnrichment

Updated: 2026-04-13T13:28:03.303Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-04-13T05:16:03.663

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-34858

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:53:18Z

Weaknesses