Description
Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-05-15
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out-of-bounds write in the distributed file system module, allowing an attacker to corrupt memory and potentially trigger system instability or crashes. The primary consequence is a loss of availability, as the affected system could become unusable without recovery. The weakness is identified as CWE-787, which is an uncontrolled write that can result in data corruption or denial of service.

Affected Systems

The flaw affects Huawei EMUI and Huawei HarmonyOS devices. No specific version information is provided, so all current releases of these operating systems remain potential targets until a patch is applied.

Risk and Exploitability

With a CVSS score of 6.8, the vulnerability is considered moderate but carries a meaningful chance of causing service disruption. The EPSS score is not available, so the exploitation probability is uncertain. It is not listed in the CISA KEV catalog, suggesting no publicly known exploits at the time of reporting. Based on the description, the attack likely requires local access or privileged interaction with the distributed file system module; additional details are not disclosed.

Generated by OpenCVE AI on May 15, 2026 at 11:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the firmware update for EMUI or HarmonyOS released in the May 2026 Huawei support bulletin.
  • If the update is not yet available, disable or restrict the distributed file system feature until a patch is issued.
  • Configure file‑system integrity monitoring to detect abnormal write operations and alert administrators.

Generated by OpenCVE AI on May 15, 2026 at 11:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 12:15:00 +0000

Type Values Removed Values Added
Title Out-of-bounds Write in Huawei Distributed File System Module

Fri, 15 May 2026 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei emui
Huawei harmonyos
Vendors & Products Huawei
Huawei emui
Huawei harmonyos

Fri, 15 May 2026 11:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 15 May 2026 10:00:00 +0000

Type Values Removed Values Added
Description Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H'}

Subscriptions

Huawei Emui Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-05-15T10:30:15.387Z

Reserved: 2026-04-23T01:42:44.928Z

Link: CVE-2026-41970

cve-icon Vulnrichment

Updated: 2026-05-15T10:30:10.009Z

cve-icon NVD

Status : Deferred

Published: 2026-05-15T10:16:35.737

Modified: 2026-05-15T14:08:50.797

Link: CVE-2026-41970

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T12:00:16Z

Weaknesses