Description
Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2026-05-15
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Huawei’s EMUI and HarmonyOS contain a permission control flaw in their projection module. The flaw allows an attacker to bypass access checks when invoking the projection service, potentially exposing data that the module is meant to protect. The weakness is classified as CWE‑275, indicating unauthorized information disclosure.

Affected Systems

Both Huawei EMUI and Huawei HarmonyOS are affected. The advisory does not specify a vulnerable version range, implying that any release incorporating the projection component without the fix is potentially at risk until a firmware or software update is applied.

Risk and Exploitability

The CVSS base score of 6.2 represents moderate severity, and the vulnerability is not listed in CISA’s KEV catalog. EPSS data is unavailable, leaving exploitation likelihood unclear. The attack vector is not explicitly detailed, but the flaw would require the attacker to trigger the projection feature—likely through local access or an exposed network interface. Successful exploitation could lead to unauthorized reading of protected data, resulting in a confidentiality breach.

Generated by OpenCVE AI on May 15, 2026 at 11:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Huawei firmware or OS patch that addresses the projection access control issue.
  • If no patch is available, disable or restrict the projection functionality on the affected devices to prevent unauthorized use.
  • Continuously monitor device logs for abnormal projection activity and investigate any suspected data leakage incidents.

Generated by OpenCVE AI on May 15, 2026 at 11:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei emui
Huawei harmonyos
Vendors & Products Huawei
Huawei emui
Huawei harmonyos

Fri, 15 May 2026 11:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 15 May 2026 10:00:00 +0000

Type Values Removed Values Added
Description Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Weaknesses CWE-275
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L'}

Subscriptions

Huawei Emui Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-05-15T10:52:33.668Z

Reserved: 2026-04-23T01:42:44.928Z

Link: CVE-2026-41969

cve-icon Vulnrichment

Updated: 2026-05-15T10:52:28.005Z

cve-icon NVD

Status : Deferred

Published: 2026-05-15T10:16:35.627

Modified: 2026-05-15T14:08:50.797

Link: CVE-2026-41969

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T12:00:16Z

Weaknesses