Description
Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-05-15
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A permission control flaw, identified as CWE-200, exists in the call processing components of Huawei EMUI and HarmonyOS. The vulnerability allows a user or a compromised application to invoke call functions without following proper authorization checks, which could disrupt or interrupt the normal call workflow and therefore degrade the overall availability of communication services.

Affected Systems

All devices running Huawei EMUI or HarmonyOS may be affected. No specific version ranges are documented, so every installation of these operating systems should be considered potentially vulnerable.

Risk and Exploitability

The CVSS score of 5.8 indicates moderate severity, with no EPSS data and the vulnerability not listed in the CISA KEV catalog. The attack vector is not explicitly stated in the CVE, but the nature of a permission control flaw suggests that an attacker may need local access or a suitable remote entry point to trigger the vulnerable call pathway. Successful exploitation could lead to a denial of service scenario for call functionality.

Generated by OpenCVE AI on May 15, 2026 at 12:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Huawei’s official support site for firmware or OS updates that address the issue
  • Update the device to the latest Huawei EMUI or HarmonyOS version as soon as it becomes available
  • If no update is available, enforce strict call‑permission policies or disable call features to reduce the attack surface

Generated by OpenCVE AI on May 15, 2026 at 12:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 12:45:00 +0000

Type Values Removed Values Added
Title Permission Control Vulnerability in Huawei EMUI and HarmonyOS Calls Impacting Availability

Fri, 15 May 2026 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei emui
Huawei harmonyos
Vendors & Products Huawei
Huawei emui
Huawei harmonyos

Fri, 15 May 2026 11:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 15 May 2026 10:00:00 +0000

Type Values Removed Values Added
Description Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 5.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

Huawei Emui Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-05-15T11:02:05.990Z

Reserved: 2026-04-23T01:42:44.927Z

Link: CVE-2026-41960

cve-icon Vulnrichment

Updated: 2026-05-15T11:01:59.201Z

cve-icon NVD

Status : Deferred

Published: 2026-05-15T10:16:33.550

Modified: 2026-05-15T14:08:50.797

Link: CVE-2026-41960

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T12:30:44Z

Weaknesses