Description
Double free vulnerability in the multi-mode input system.
Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-04-13
Score: 5.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Availability (Denial of Service)
Action: Apply Patch
AI Analysis

Impact

A double‑free defect has been found in Huawei HarmonyOS’s multi‑mode input system. The flaw enables a crafted input to trigger a second deallocation of memory that was already freed, leading to undefined behavior that typically results in an application crash or a system reset. This causes loss of service rather than exposure or modification of data, and the weakness aligns with CWE‑415, describing improper memory management.

Affected Systems

The vulnerability affects devices running Huawei HarmonyOS. No explicit version information is provided in the advisory, so system administrators should reference Huawei’s support bulletin dated April 2026 to determine if their installation requires an update.

Risk and Exploitability

With a CVSS score of 5.6 the issue is considered moderate in severity. Because no EPSS data is available and the bug is not listed in CISA’s KEV catalog, it is unlikely to be actively exploited at this time. The description does not specify an attack vector; therefore, it is inferred that an attacker would need to deliver malicious input to the vulnerable subsystem, probably through local or privileged access to the device. The risk is thus modest, pending the availability of an exploit.

Generated by OpenCVE AI on April 13, 2026 at 06:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Huawei’s support bulletin for HarmonyOS April 2026 and install any released security update that addresses the double‑free flaw
  • If an update is not yet available, consider disabling the multi‑mode input functionality or restricting its use to unprivileged contexts until a patch can be applied

Generated by OpenCVE AI on April 13, 2026 at 06:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:huawei:harmonyos:5.1.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*

Mon, 13 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Double‑Free Vulnerability in HarmonyOS Multi‑Mode Input System

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
Vendors & Products Huawei
Huawei harmonyos

Mon, 13 Apr 2026 04:00:00 +0000

Type Values Removed Values Added
Description Double free vulnerability in the multi-mode input system. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-415
References
Metrics cvssV3_1

{'score': 5.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-04-13T15:02:52.133Z

Reserved: 2026-03-31T01:11:13.701Z

Link: CVE-2026-34867

cve-icon Vulnrichment

Updated: 2026-04-13T15:02:48.033Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-13T04:16:13.240

Modified: 2026-04-17T19:24:46.980

Link: CVE-2026-34867

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:53:27Z

Weaknesses