Description
Boundary-unlimited vulnerability in the application read module.
Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-04-13
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Availability Impact
Action: Apply Patch
AI Analysis

Impact

A boundary-unlimited flaw exists in HarmonyOS’s application read module, allowing an attacker to supply input that exceeds expected limits. The weakness can trigger uncontrolled memory reads or writes, which may destabilize the application or the operating system, leading to crashes or forced restarts. This vulnerability is classified as CWE-119 and primarily carries availability implications rather than compromising confidentiality or integrity.

Affected Systems

The vendor affected is Huawei, specifically its HarmonyOS operating system. No specific release numbers are mentioned, implying that all current HarmonyOS builds could be vulnerable until a vendor patch is applied.

Risk and Exploitability

The CVSS score of 6.8 indicates moderate severity. Because EPSS data is missing and the flaw is not listed in CISA’s KEV catalog, no widespread exploitation has been reported. Based on the description, the attack likely requires input directed at the vulnerable read module, which could be delivered locally or remotely depending on the exposed interfaces. Successful exploitation would result in application or system outages but is not believed to allow code execution or data disclosure.

Generated by OpenCVE AI on April 13, 2026 at 06:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Retrieve the latest HarmonyOS security bulletin from Huawei’s consumer support website and apply any provided patch immediately.
  • If a patch is not yet available, disable or restrict access to the vulnerable application read module using device settings or administrative controls.
  • Continuously review system logs for abnormal termination or crash events that may indicate attempts to exploit the vulnerability.
  • Maintain the OS at the newest release to benefit from future security updates.

Generated by OpenCVE AI on April 13, 2026 at 06:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title HarmonyOS Application Read Module Boundary Overflow Vulnerability

Mon, 13 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
Vendors & Products Huawei
Huawei harmonyos

Mon, 13 Apr 2026 05:15:00 +0000

Type Values Removed Values Added
Description Boundary-unlimited vulnerability in the application read module. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-119
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-04-13T13:18:22.479Z

Reserved: 2026-03-31T01:11:13.701Z

Link: CVE-2026-34864

cve-icon Vulnrichment

Updated: 2026-04-13T13:18:17.216Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-04-13T05:16:04.550

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-34864

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:53:12Z

Weaknesses