Description
Out-of-bounds write vulnerability in the WEB module.Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Published: 2026-04-13
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Availability and confidentiality compromise
Action: Apply Patch
AI Analysis

Impact

An out-of-bounds write vulnerability exists in the WEB module of Huawei HarmonyOS. Classified as a buffer overflow (CWE-122), it allows an attacker to overwrite memory beyond intended bounds, potentially leading to both availability loss and the disclosure of sensitive information.

Affected Systems

All Huawei HarmonyOS devices that incorporate the WEB module are affected. The vendor does not enumerate specific firmware releases, implying that any deployed HarmonyOS version containing this component may be vulnerable.

Risk and Exploitability

EPSS data is not available and the vulnerability is not listed in the KEV catalog, underscoring the lack of publicly known exploitation. The CVSS base score of 10.0 reflects an extreme severity. The description does not specify the attack vector; however, it is inferred that an attacker could exploit the flaw by sending crafted input to the WEB module over its network interface, which could result in a denial of service or confidentiality breach. Until a vendor patch is issued, the risk remains significant.

Generated by OpenCVE AI on April 13, 2026 at 08:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Huawei support website for a firmware update that addresses this issue and install it promptly.
  • If no update is available, disable or restrict network access to the HarmonyOS Web module to mitigate the risk.
  • Monitor system logs for signs of abnormal activity or crashes that may indicate an exploit attempt.

Generated by OpenCVE AI on April 13, 2026 at 08:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title HarmonyOS Web Module Out-of-Bounds Write Vulnerability

Mon, 13 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
Vendors & Products Huawei
Huawei harmonyos

Mon, 13 Apr 2026 07:15:00 +0000

Type Values Removed Values Added
Description Out-of-bounds write vulnerability in the WEB module.Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Weaknesses CWE-122
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-04-13T13:08:00.297Z

Reserved: 2026-03-31T01:11:13.701Z

Link: CVE-2026-34865

cve-icon Vulnrichment

Updated: 2026-04-13T13:07:57.448Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-13T07:16:49.977

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-34865

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:52:44Z

Weaknesses