Description
Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect integrity and confidentiality.
Published: 2026-06-09
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a permission control flaw in Huawei’s HarmonyOS print module that can lead to tampering with printed data and exposure of information passing through the print stream. It corresponds to CWE-701, which indicates that operations are not adequately restricted to a user’s authorized capabilities. This flaw could allow an attacker to alter or intercept printed documents, compromising both the integrity of the data and the confidentiality of sensitive material. Based on the description, it is inferred that the permission checks are insufficient for controlling who can issue print jobs, making the module a target for privilege abuse.

Affected Systems

Huawei HarmonyOS devices are affected because the vulnerability resides in the print module shipped with the operating system. No specific version numbers are disclosed, so any installation of Huawei:HarmonyOS that includes the print module is potentially vulnerable. Based on the description, it is inferred that the absence of version exclusions implies that all revisions with the affected component are at risk.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting a lower current exploitation threat. However, the flaw involves permission checks, meaning exploitation likely requires local access or a privilege escalation that allows a user to invoke print functions bypassing security controls. Based on the description, it is inferred that an attacker would need to compromise the device or elevate privileges locally to successfully exploit the weakness.

Generated by OpenCVE AI on June 9, 2026 at 06:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any released patch by Huawei as soon as it becomes available.
  • If printing is not required, disable or restrict access to the print module to reduce the attack surface.
  • Enforce least‑privilege access controls on the print service, ensuring that only authorised user roles can queue print jobs, thereby addressing the CWE-701 weakness.
  • Monitor for anomalous print activity and implement segmentation or role‑based controls to contain potential exploitation.

Generated by OpenCVE AI on June 9, 2026 at 06:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 07:00:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
Vendors & Products Huawei
Huawei harmonyos

Tue, 09 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Title Permission control flaw in HarmonyOS print module could compromise confidentiality and integrity

Tue, 09 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect integrity and confidentiality.
Weaknesses CWE-701
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-06-09T13:30:12.831Z

Reserved: 2026-04-23T01:42:44.929Z

Link: CVE-2026-41979

cve-icon Vulnrichment

Updated: 2026-06-09T13:30:09.428Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T05:16:38.143

Modified: 2026-06-09T13:34:58.997

Link: CVE-2026-41979

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T06:45:26Z

Weaknesses