Description
Permission control vulnerability in the file preview module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Published: 2026-06-09
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a permission control flaw located in the file preview module of Huawei HarmonyOS. Exploiting it can allow an attacker to read confidential data exposed by the preview functionality, resulting in a loss of service confidentiality. The underlying weakness is an information exposure flaw (CWE‑200).

Affected Systems

Huawei HarmonyOS operating system is the affected product. Specific versions affected are not listed in the available data, so any installation that includes the file preview module may be vulnerable until a patch is released.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. EPSS data is not available, and the vulnerability is not listed in CISA KEV, suggesting no known large‑scale exploitation at the time of analysis. The likely attack vector is through the file preview feature, which could be accessed locally or remotely depending on the deployment context; however, the description does not specify the exact vector.

Generated by OpenCVE AI on June 9, 2026 at 06:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify and install the latest HarmonyOS update that resolves the permission handling flaw in the file preview module.
  • Configure the preview module to be accessible only to authenticated and authorized users.
  • Disable the file preview feature through system settings until a fix is released.

Generated by OpenCVE AI on June 9, 2026 at 06:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Title Permission Control Flaw in HarmonyOS File Preview Exposes Confidential Information

Tue, 09 Jun 2026 06:00:00 +0000

Type Values Removed Values Added
First Time appeared Huawei
Huawei harmonyos
Vendors & Products Huawei
Huawei harmonyos

Tue, 09 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description Permission control vulnerability in the file preview module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

Subscriptions

Huawei Harmonyos
cve-icon MITRE

Status: PUBLISHED

Assigner: huawei

Published:

Updated: 2026-06-09T13:25:45.371Z

Reserved: 2026-04-23T01:42:44.929Z

Link: CVE-2026-41980

cve-icon Vulnrichment

Updated: 2026-06-09T13:25:32.192Z

cve-icon NVD

Status : Deferred

Published: 2026-06-09T05:16:38.260

Modified: 2026-06-09T13:34:58.997

Link: CVE-2026-41980

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T06:15:06Z

Weaknesses