Skip to main content

CVE-2026-34863

| EUVDEUVD-2026-21844 MEDIUM
Out-of-bounds Write (CWE-787)
2026-04-13 huawei GHSA-m263-6xmg-c437
6.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Apr 13, 2026 - 05:27 vuln.today
EUVD ID Assigned
Apr 13, 2026 - 05:15 euvd
EUVD-2026-21844
Analysis Generated
Apr 13, 2026 - 05:15 vuln.today
CVE Published
Apr 13, 2026 - 04:10 nvd
MEDIUM 6.7

DescriptionCVE.org

Out-of-bounds write vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability.

AnalysisAI

Out-of-bounds write in HarmonyOS file system allows local privileged attackers to corrupt memory with high impact on confidentiality, integrity, and availability. The vulnerability affects HarmonyOS across versions and requires high-level local system privileges to exploit, making it a critical concern for multi-user systems and containerized deployments where privilege escalation vectors exist.

Technical ContextAI

The vulnerability is a classic out-of-bounds write (CWE-787) in memory management within HarmonyOS's file system implementation. This class of memory corruption defect occurs when code writes data beyond the intended boundaries of a buffer, potentially overwriting adjacent heap or stack memory. The affected product is HarmonyOS (CPE: cpe:2.3:a:huawei:harmonyos:*:*:*:*:*:*:*:*), indicating all versions are potentially impacted. File system components typically handle I/O operations at the kernel or privileged user-space level, and an out-of-bounds write in this context can cascade into arbitrary memory corruption, potentially enabling code execution or system denial of service.

RemediationAI

Huawei has published a security bulletin at https://consumer.huawei.com/en/support/bulletin/2026/4/ detailing remediation steps and patch availability. Users should consult that bulletin to identify the specific patched version applicable to their HarmonyOS release and apply updates immediately. In the interim, restrict local system access to trusted administrators and implement least-privilege account policies to reduce the likelihood of a high-privilege user exploiting this vulnerability. Monitor file system operations and system memory corruption events via available HarmonyOS security logging.

Share

CVE-2026-34863 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy