Description
Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-05-15
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Huawei HarmonyOS contains a permission control flaw in the contacts component. The flaw can be abused to impair the availability of the contacts feature, potentially causing denial of service or an interruption in access to stored contact information. The weakness is identified as CWE-840, reflecting improper privilege use or access scope.

Affected Systems

The vulnerability affects Huawei HarmonyOS devices at the operating system level. No specific version range is provided, so all current HarmonyOS releases at the time of disclosure should be considered potentially exposed.

Risk and Exploitability

The CVSS score of 5.9 indicates a moderate severity assessment. EPSS data is not available, and the issue is not listed in KEV, suggesting no current mass exploitation. The likely attack surface appears local or requires interaction with the contacts application; the exact vector is not specified in the data, so this inference is based on the nature of the defect.

Generated by OpenCVE AI on May 15, 2026 at 11:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Restrict the contacts application’s permissions to only those strictly needed by legitimate users
  • Monitor the contacts app for unexpected resource consumption or repeated failures that may signal exploitation
  • Apply any HarmonyOS updates or patches released by Huawei once they become available

Generated by OpenCVE AI on May 15, 2026 at 11:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Permission Control Flaw in HarmonyOS Contacts Impacting Availability

Fri, 15 May 2026 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
Vendors & Products Huawei
Huawei harmonyos

Fri, 15 May 2026 11:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 15 May 2026 10:00:00 +0000

Type Values Removed Values Added
Description Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-840
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-05-15T11:01:31.660Z

Reserved: 2026-04-23T01:42:44.927Z

Link: CVE-2026-41961

cve-icon Vulnrichment

Updated: 2026-05-15T11:00:54.158Z

cve-icon NVD

Status : Deferred

Published: 2026-05-15T10:16:34.780

Modified: 2026-05-15T14:08:50.797

Link: CVE-2026-41961

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T12:00:16Z

Weaknesses