Description
Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-05-15
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Huawei has disclosed a permission control vulnerability in the manufacturability design module of HarmonyOS. Based on the description, it is inferred that the flaw allows bypassing predefined access restrictions. The weakness is classified as CWE-840, which denotes a privilege escalation or permission bypass issue. Based on the description, it is inferred that the vulnerability could cause a denial of service by disrupting availability of functions that rely on the module. Based on the description, it is inferred that the bypass could be achieved when an attacker possesses local device access or elevated privileges, enabling manipulation of the module's access controls.

Affected Systems

The affected product is Huawei HarmonyOS. No specific version is listed; all devices running the current HarmonyOS release containing the manufacturability design module may be vulnerable. Refer to the Huawei consumer bulletin for details on affected firmware.

Risk and Exploitability

The CVSS score of 5.9 reflects moderate severity. The EPSS score is unavailable, and the vulnerability is not listed in the CISA KEV catalog, indicating no known active exploitation. Based on the description, it is inferred that an attacker would need local device access or privileged permissions to manipulate the manufacturability design module, which could result in service disruption.

Generated by OpenCVE AI on May 15, 2026 at 12:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the firmware update announced in the Huawei consumer bulletin for HarmonyOS.
  • Restrict local device access to the manufacturability design module, ensuring only authorized applications have the required permissions.
  • Monitor device logs for abnormal availability disruptions or unauthorized attempts to modify the manufacturability module.

Generated by OpenCVE AI on May 15, 2026 at 12:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 12:45:00 +0000

Type Values Removed Values Added
Title Permission Control Vulnerability in HarmonyOS Manufacturability Design Module Impacting Availability

Fri, 15 May 2026 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
Vendors & Products Huawei
Huawei harmonyos

Fri, 15 May 2026 11:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 15 May 2026 10:00:00 +0000

Type Values Removed Values Added
Description Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-840
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-05-15T10:54:00.547Z

Reserved: 2026-04-23T01:42:44.928Z

Link: CVE-2026-41968

cve-icon Vulnrichment

Updated: 2026-05-15T10:53:55.124Z

cve-icon NVD

Status : Deferred

Published: 2026-05-15T10:16:35.523

Modified: 2026-05-15T14:08:50.797

Link: CVE-2026-41968

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T12:30:44Z

Weaknesses