Description
Permission control vulnerability in the app management and control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2026-05-15
Score: 3.6 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability stems from a permission control flaw in the HarmonyOS app management and control module. Because the module does not properly enforce the intended access controls, an attacker may obtain unintended access to confidential system or application data, consistent with the CWE-264 weakness. The CVSS score of 3.6 indicates low severity, and the impact is limited to confidentiality rather than availability or integrity. The precise exploitation details are not disclosed, so it is inferred that the attacker could abuse the permission checks to gain unauthorized access.

Affected Systems

The affected systems are devices running Huawei HarmonyOS that include the app management and control module. No specific version identifiers are provided in the data, so any device currently deploying the module could be vulnerable until a vendor patch is released.

Risk and Exploitability

With no EPSS score available and the vulnerability not listed in CISA’s KEV catalog, the likelihood that exploitation has already been observed is low. The exploitation path likely requires an attacker to bypass local permission checks or achieve a privileged role within the operating system; this scenario is inferred from the description since the details are not specified. Given the low CVSS score, the risk is considered moderate, and monitoring for newly disseminated tags or exploits is advised.

Generated by OpenCVE AI on May 15, 2026 at 11:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest HarmonyOS update that includes a fix for the permission control flaw once it is released by Huawei.
  • Review the permissions granted to all installed applications in the app management module and revoke any that are unnecessary for the app’s basic functionality.
  • Disable or uninstall applications that are not essential or that request elevated privileges beyond their stated purpose.
  • Keep the system updated by subscribing to Huawei’s official security bulletins and applying security patches as soon as they become available.



Advisories

No advisories yet.

History

Fri, 15 May 2026 11:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Huawei; Huawei harmonyos
Vendors & Products | | Huawei; Huawei harmonyos

Fri, 15 May 2026 11:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 15 May 2026 10:00:00 +0000

Type | Values Removed | Values Added
Description | | Permission control vulnerability in the app management and control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Weaknesses | | CWE-264
References | |
Metrics | | cvssV3_1 {'score': 3.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-05-15T11:00:33.896Z

Reserved: 2026-04-23T01:42:44.927Z

Link: CVE-2026-41962

Vulnrichment

Updated: 2026-05-15T11:00:29.033Z

NVD

Status: Deferred

Published: 2026-05-15T10:16:34.880

Modified: 2026-05-15T14:08:50.797

Link: CVE-2026-41962

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T12:00:16Z

Weaknesses