Description
Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2026-05-15
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A permission control flaw exists in HarmonyOS’s security control module, classified as CWE-840. The vulnerability can expose services to unauthorized disclosure; no impact on integrity or availability is mentioned. It is explicitly stated that successful exploitation may affect service confidentiality, but how the confidentiality breach manifests is not described in the advisory.

Affected Systems

HUAWEI HarmonyOS devices are affected. The advisory does not specify a version range, implying that all currently released HarmonyOS versions should be considered potentially vulnerable until an official fix is made available.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate risk level. EPSS data is not available, so the probability of exploitation in the wild is unknown. The flaw is not listed in CISA’s KEV catalog, suggesting no known active exploitation. The attack vector is not detailed in the advisory; it is inferred that the vulnerability likely requires elevated or local privileges to modify permission settings, though this cannot be confirmed from the supplied data.

Generated by OpenCVE AI on May 15, 2026 at 11:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Huawei’s support portal for an official firmware patch for HarmonyOS and apply it as soon as it is available.
  • If a patch is not yet released, restrict the device’s exposure by disabling unnecessary network services and enforcing strict application permission policies.
  • Audit current permission assignments on the device to ensure that only trusted applications have elevated privileges.



Advisories

No advisories yet.

History

Fri, 15 May 2026 12:15:00 +0000

Type | Values Removed | Values Added
Title | | Permission Control Vulnerability in HarmonyOS Security Control Module

Fri, 15 May 2026 11:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Huawei; Huawei harmonyos
Vendors & Products | | Huawei; Huawei harmonyos

Fri, 15 May 2026 11:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 15 May 2026 10:00:00 +0000

Type | Values Removed | Values Added
Description | | Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Weaknesses | | CWE-840
References | |
Metrics | | cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-05-15T11:03:24.120Z

Reserved: 2026-04-23T01:42:44.928Z

Link: CVE-2026-41971

Vulnrichment

Updated: 2026-05-15T11:03:18.654Z

NVD

Status: Deferred

Published: 2026-05-15T10:16:35.840

Modified: 2026-05-15T14:08:50.797

Link: CVE-2026-41971

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T12:00:16Z

Weaknesses