CVE-2026-34865

| EUVD-2026-21877 CRITICAL
2026-04-13 huawei GHSA-f3fr-gvgx-x9gh
Heap Overflow Buffer Overflow
10.0
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Apr 13, 2026 - 07:29 vuln.today
CVSS Changed
Apr 13, 2026 - 07:22 NVD
10.0 (CRITICAL)

DescriptionNVD

Out-of-bounds write vulnerability in the WEB module.Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

AnalysisAI

Out-of-bounds heap write in Huawei HarmonyOS WEB module allows unauthenticated remote attackers to execute arbitrary code and exfiltrate sensitive data with no user interaction required. CVSS v4.0 score of 10.0 (Critical) reflects network-based exploitation with low complexity requiring no privileges or user interaction. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Inventory all HarmonyOS-based devices and systems in production; isolate or restrict network access to affected devices pending remediation. Within 7 days: Contact Huawei for security guidance and expected patch timeline; implement network segmentation to limit lateral movement if compromise occurs. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-34865 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy