Description
Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Published: 2026-04-13
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service & Confidentiality Breach
Action: Assess Impact
AI Analysis

Impact

An out‑of‑bounds write flaw has been found in the WEB module of Huawei HarmonyOS. The vulnerability allows an attacker to corrupt memory, potentially disrupting the operation of the device and exposing sensitive data. The impact manifests as a loss of availability and possible data leakage, consistent with the CWE‑120 classification for buffer overflows.

Affected Systems

The flaw affects Huawei HarmonyOS devices. No specific version range is documented in the advisory, so all releases that include the vulnerable WEB module may be affected.

Risk and Exploitability

The CVSS score of 5.1 indicates a moderate risk level. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is via the web interface of the device; however, the exact remote or local conditions are not specified, so exploitation is inferred to require access to that module. Given the moderate score and absence of public exploits, the overall threat is manageable but warrants monitoring for potential public exploitation.

Generated by OpenCVE AI on April 13, 2026 at 08:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and apply the official HarmonyOS patch from Huawei as soon as it is released
  • If a patch is not yet available, disable or tightly restrict access to the device’s Web module
  • Isolate the device from untrusted networks using network segmentation controls
  • Monitor Huawei’s support portal and security advisories for updates or additional mitigations

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type | Values Removed | Values Added
Title | | Out‑of‑Bounds Write in HarmonyOS WEB Module Leads to Availability and Confidentiality Impact

Mon, 13 Apr 2026 13:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Apr 2026 13:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Huawei; Huawei harmonyos
Vendors & Products | | Huawei; Huawei harmonyos

Mon, 13 Apr 2026 07:15:00 +0000

Type | Values Removed | Values Added
Description | | Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Weaknesses | | CWE-120
References | |
Metrics | | cvssV3_1: {'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-04-13T13:07:38.948Z

Reserved: 2026-03-31T01:11:13.701Z

Link: CVE-2026-34866

Vulnrichment

Updated: 2026-04-13T13:07:36.166Z

NVD

Status: Awaiting Analysis

Published: 2026-04-13T07:16:50.127

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-34866

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T12:52:43Z

Weaknesses