Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution.
AnalysisAI
Use-After-Free memory corruption in OpenHarmony v6.0 and prior enables a local attacker with low privileges to execute arbitrary code, achieving a changed scope with high availability impact. The vulnerability is rooted in CWE-416, where freed memory regions are accessed without proper lifecycle management, a class of flaw frequently exploitable for control-flow hijacking. No public exploit code or CISA KEV listing has been identified at time of analysis, though the OpenHarmony security team has published a formal disclosure.
Technical ContextAI
CWE-416 (Use After Free) describes a condition where a program continues to use a pointer after the underlying memory has been freed, allowing an attacker to manipulate heap state and redirect execution flow. In OpenHarmony (CPE: cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:*), an IoT/mobile operating system developed under the OpenAtom Foundation, this class of flaw in a kernel or privileged subsystem component can bridge the boundary between user-space and a higher-privilege domain. The CVSS vector S:C (Changed Scope) corroborates this cross-boundary impact, suggesting the vulnerable component operates in a context that can affect resources outside its own trust boundary, consistent with a kernel driver or system service UAF.
RemediationAI
Upgrade OpenHarmony to a version beyond v6.0 as directed by the vendor's May 2026 security disclosure, available at https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-05.md. An exact patched release version is not independently confirmed from the available data - patch status is 'patch available per vendor advisory' and the precise fix version should be verified directly against the OpenHarmony release notes. As a compensating control where patching is not immediately feasible, restrict the attack surface by limiting untrusted local user access and preventing installation of unvetted third-party applications on affected devices; note this reduces but does not eliminate risk, as legitimate low-privilege users could still trigger the flaw. For IoT deployments, physical access controls and network isolation of devices reduce attacker reach to the local vector required.
More in Openharmony
View allin OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through
Arbitrary code execution in OpenHarmony v6.0 and earlier enables remote attackers with low privileges to execute code wi
in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sens
in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through improper in
in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after f
in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use aft
OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softb
OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. Rated high severity (CVSS 8.8), this vulne
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30834
GHSA-g7x6-q2cp-cfqw