Description
Permission control vulnerability in service notifications. Impact: Successful exploitation of this vulnerability may affect availability.
Published: 2026-06-09
Score: 3.6 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A permission control flaw exists in Huawei's EMUI and HarmonyOS service notification component, allowing an attacker to bypass normal access checks and potentially disrupt the notification delivery process, which can lead to availability degradation. This weakness is described as CWE‑264, reflecting improper permission management. The vulnerability description states that exploitation may adversely affect system availability, but does not detail confidentiality or integrity impacts.

Affected Systems

The flaw targets Huawei's EMUI operating system and HarmonyOS. No specific version numbers are disclosed in the advisory, so administrators should consult Huawei's 2026 June bulletin for precise affected releases.

Risk and Exploitability

The CVSS score of 3.6 reflects a moderate severity, while the EPSS score is unavailable, leaving the likelihood of exploitation uncertain; the vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector likely involves unauthorized use of the notification service, though the exact prerequisites for exploitation are not provided. The impact is primarily on availability of the notification subsystem, which could degrade user experience or impede critical alerts.

Generated by OpenCVE AI on June 9, 2026 at 08:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any Huawei‑released patches or update the EMUI/HarmonyOS platform as soon as they are available.
  • Verify that the notification service permissions are configured following the principle of least privilege, ensuring only authorized users or processes can initiate or receive notifications.
  • Enable monitoring of notification logs and enforce network segmentation to isolate the notification service from other critical components, reducing the effect of any potential disruption.

Generated by OpenCVE AI on June 9, 2026 at 08:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei emui
Huawei harmonyos
Vendors & Products Huawei
Huawei emui
Huawei harmonyos

Tue, 09 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
Title Permission Control Vulnerability in Service Notifications Affecting Availability

Tue, 09 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Description Permission control vulnerability in service notifications. Impact: Successful exploitation of this vulnerability may affect availability.
Weaknesses CWE-264
References
Metrics cvssV3_1

{'score': 3.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L'}

Subscriptions

Huawei Emui Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-06-09T12:58:13.480Z

Reserved: 2026-04-23T01:42:44.929Z

Link: CVE-2026-41974

cve-icon Vulnrichment

Updated: 2026-06-09T12:58:08.959Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T08:16:27.700

Modified: 2026-06-09T13:34:58.997

Link: CVE-2026-41974

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T08:55:33Z

Weaknesses