Description
Permission control vulnerability in the audio framework. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2026-06-09
Score: 6.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a permission control issue in the audio framework of Huawei EMUI and HarmonyOS. It enables an attacker to bypass normal access restrictions and gain unauthorized exposure to audio service data, potentially compromising confidential information. The weakness is classified as CWE-275, indicating that insufficient protection of restricted information can be accessed, leading to confidentiality risk. The CVE description confirms that successful exploitation may affect service confidentiality.

Affected Systems

All devices running Huawei EMUI and Huawei HarmonyOS that include the vulnerable audio framework are potential targets. The CNA lists these two product families, but no specific version range is stated, so any version containing the affected framework is likely impacted.

Risk and Exploitability

The CVSS score of 6.6 indicates moderate severity. EPSS data is unavailable, and the flaw is not listed in the CISA KEV catalog, so the likelihood of exploitation remains uncertain. The attack vector is not explicitly detailed in the CVE data; it is inferred that the vulnerability may be exploitable through a malicious application or local privilege escalation that can call the audio service without proper permission checks. Due to the lack of publicly known exploits, the immediate risk is primarily theoretical, but the confidentiality impact underscores the need to address the flaw proactively.

Generated by OpenCVE AI on June 9, 2026 at 08:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest EMUI or HarmonyOS firmware that contains the patched audio framework
  • If a patch is not yet available, restrict or disable the affected audio service through system settings or configuration to prevent unauthorized access
  • Monitor device logs and network traffic for anomalous audio service activity and review application permission grants
  • Apply general least‑privilege practices: limit audio‑related permissions to trusted applications only

Generated by OpenCVE AI on June 9, 2026 at 08:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
Title Permission Control Flaw in Huawei Audio Framework Leading to Confidentiality Risk
First Time appeared Huawei
Huawei emui
Huawei harmonyos
Vendors & Products Huawei
Huawei emui
Huawei harmonyos

Tue, 09 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Description Permission control vulnerability in the audio framework. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Weaknesses CWE-275
References
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L'}

Subscriptions

Huawei Emui Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-06-09T12:59:43.591Z

Reserved: 2026-04-23T01:42:44.929Z

Link: CVE-2026-41976

cve-icon Vulnrichment

Updated: 2026-06-09T12:59:39.911Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T08:16:27.810

Modified: 2026-06-09T13:34:58.997

Link: CVE-2026-41976

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T08:30:35Z

Weaknesses