Skip to main content

Honor E CVE-2026-31370

| EUVDEUVD-2026-24067 MEDIUM
Information Exposure (CWE-200)
2026-04-21 Honor GHSA-mj74-pwgm-79gv
6.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Analysis Generated
Apr 21, 2026 - 07:26 vuln.today
EUVD ID Assigned
Apr 21, 2026 - 07:15 euvd
EUVD-2026-24067
Analysis Generated
Apr 21, 2026 - 07:15 vuln.today
CVE Published
Apr 21, 2026 - 06:30 nvd
MEDIUM 6.3

DescriptionCVE.org

Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.

AnalysisAI

Honor E App discloses sensitive information to unauthorized users via network-accessible endpoints, requiring user interaction but affecting service confidentiality across all product versions. The vulnerability carries a moderate CVSS score of 6.3 (AV:N/AC:L/PR:N/UI:R) indicating remote exploitation without authentication, though successful attack requires user interaction. Patch availability and exploitation status remain unconfirmed from available sources.

Technical ContextAI

Honor E App (CPE: cpe:2.3:a:honor:honor_e:*:*:*:*:*:*:*:*) is affected by an information disclosure vulnerability accessible over the network. The root cause is classified under generic information disclosure risk rather than a specific CWE mapping. The vulnerability is exploitable without privilege escalation (PR:N) but requires user interaction (UI:R), suggesting the attack vector involves social engineering or user-initiated actions that expose the data leak pathway. The network-accessible nature (AV:N) indicates the flaw exists in web services, APIs, or networked components of the Honor E platform rather than local system mechanisms.

RemediationAI

Honor customers should immediately check the official security advisory at https://www.honor.com/global/security/CVE-2026-31370/ for patch availability and version-specific remediation steps. If a patched version is released, upgrade Honor E App to the patched build following Honor's deployment recommendations. As a compensating control pending patch deployment, restrict network access to Honor E App endpoints using firewall rules or network segmentation to only trusted internal networks or known user device ranges - this reduces the attack surface but may impact legitimate users on untrusted networks (e.g., public Wi-Fi) who will require VPN access or alternative connectivity. Educate users to avoid clicking untrusted links or sharing session identifiers, as user interaction is required to trigger the leak. Monitor access logs for suspicious data retrieval patterns or unusual API calls to the affected endpoints.

Share

CVE-2026-31370 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy