Description
Path traversal vulnerability in the SMS app. Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-06-09
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic path traversal flaw in the HarmonyOS SMS application, classified as CWE-22. It allows an attacker to manipulate file paths supplied to the app, potentially accessing files outside the intended directory structure. The provided description states that exploitation may affect availability, suggesting that an attacker could cause the SMS app to crash, become unresponsive, or lock the device, thereby denying legitimate users the ability to send or receive messages.

Affected Systems

The affected system is the SMS application on Huawei HarmonyOS devices. No specific version or patch level is listed, so all installations of the HarmonyOS SMS app could be vulnerable until a fix is applied.

Risk and Exploitability

The CVSS score is 5.4, indicating moderate severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalogue, implying no current evidence of exploitation in the wild. The attack vector is not explicitly stated in the available data, so it is inferred that exploitation would require either local access to the device or a privileged user interaction with the SMS app. Given the lack of known exploits and the availability impact, the overall risk remains moderate but warrants proactive monitoring.

Generated by OpenCVE AI on June 9, 2026 at 08:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Huawei HarmonyOS to a version including the path traversal patch. If no update exists, contact Huawei support for guidance.
  • Disable or uninstall the SMS application if it is not essential.
  • Apply application restrictions or sandboxing to limit SMS app file system access, reducing the impact of the path traversal flaw.

Generated by OpenCVE AI on June 9, 2026 at 08:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Title Path Traversal Vulnerability in HarmonyOS SMS App

Tue, 09 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
Vendors & Products Huawei
Huawei harmonyos

Tue, 09 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Description Path traversal vulnerability in the SMS app. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-06-09T13:04:42.956Z

Reserved: 2026-04-23T01:42:44.928Z

Link: CVE-2026-41972

cve-icon Vulnrichment

Updated: 2026-06-09T13:04:38.181Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T08:16:27.457

Modified: 2026-06-09T13:34:58.997

Link: CVE-2026-41972

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T09:00:08Z

Weaknesses