Skip to main content

CVE-2026-34850

| EUVDEUVD-2026-21792 LOW
Race Condition (CWE-362)
2026-04-13 huawei GHSA-wr2h-3c4w-c34q
1.9
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

4
Analysis Generated
Apr 13, 2026 - 04:25 vuln.today
EUVD ID Assigned
Apr 13, 2026 - 04:15 euvd
EUVD-2026-21792
Analysis Generated
Apr 13, 2026 - 04:15 vuln.today
CVE Published
Apr 13, 2026 - 03:42 nvd
LOW 1.9

DescriptionCVE.org

Race condition vulnerability in the notification service. Impact: Successful exploitation of this vulnerability may affect availability.

AnalysisAI

Race condition in Huawei HarmonyOS notification service allows local high-privilege attackers to cause limited availability impact through timing-dependent exploitation. CVSS 1.9 reflects minimal real-world risk due to high attack complexity, elevated privileges, and no confidentiality or integrity effects. No public exploit code or active exploitation confirmed.

Technical ContextAI

The vulnerability exists in HarmonyOS notification service as a classic race condition (CWE-362), where concurrent access to shared resources during notification processing creates a window for state manipulation. Attack requires local system access with high privileges (PR:H per CVSS vector), meaning the attacker must already be an administrative or system user. The vulnerability affects resource availability rather than data confidentiality or integrity, limiting practical impact to denial of service of notification functionality.

RemediationAI

Apply the security patch from Huawei's official advisory at https://consumer.huawei.com/en/support/bulletin/2026/4/. Patch availability and specific version numbers should be confirmed via Huawei's support portal. As an interim measure, restrict administrative access and monitor notification service logs for suspicious timing patterns. This vulnerability requires administrative-level access, so principle of least privilege mitigation is effective.

Share

CVE-2026-34850 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy