Description
Access control vulnerability in the memo module.
Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Published: 2026-04-13
Score: 4.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Availability and Confidentiality compromise
Action: Apply Patch
AI Analysis

Impact

An improper access control defect has been identified in HarmonyOS’s memo module, allowing an attacker to bypass normal permissions and read or modify memo data that should be restricted. The vulnerability can lead to the disclosure of private information and to disruption of the memo feature, thereby impacting both confidentiality and availability for affected devices.

Affected Systems

The defect affects devices running Huawei HarmonyOS. No specific version ranges are disclosed in the current advisory; however, any HarmonyOS installation containing the memo module is potentially susceptible.

Risk and Exploitability

The issue carries a CVSS base score of 4.1, indicating moderate risk. The exploit probability (EPSS) is not reported, and the vulnerability is not listed in CISA’s KEV catalog, suggesting limited widespread exploitation. Attack vectors are not detailed in the advisory; it is inferred that local or network-based access may be required to exploit the memo module, though definitive conditions are not provided.

Generated by OpenCVE AI on April 13, 2026 at 05:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Huawei support bulletins for available patches or updates for HarmonyOS
  • Apply any released firmware or OS update that addresses memo module access controls
  • If an update is not yet available, monitor Huawei announcements and apply interim access controls such as limiting user permissions or disabling memo features until a fix is released

Generated by OpenCVE AI on April 13, 2026 at 05:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 05:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:huawei:harmonyos:5.1.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*

Mon, 13 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Access Control Weakness in HarmonyOS Memo Module

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
Vendors & Products Huawei
Huawei harmonyos

Mon, 13 Apr 2026 04:00:00 +0000

Type Values Removed Values Added
Description Access control vulnerability in the memo module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 4.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:L'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-04-13T18:06:17.252Z

Reserved: 2026-03-31T01:11:13.701Z

Link: CVE-2026-34860

cve-icon Vulnrichment

Updated: 2026-04-13T17:57:46.651Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-13T04:16:12.650

Modified: 2026-04-16T04:45:53.703

Link: CVE-2026-34860

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:53:28Z

Weaknesses