What is the CVSS score of CVE-2026-41964?

CVE-2026-41964 has a CVSS 3.1 base score of 8.4 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of HarmonyOS are affected by CVE-2026-41964?

CVE-2026-41964 is a high-severity race condition in HarmonyOS web components that allows local attackers to escalate privileges and achieve complete system compromise without requiring…

HarmonyOS CVE-2026-41964

EUVD-2026-30523 HIGH

Race Condition (CWE-362)

2026-05-15 huawei

GHSA-9wgr-ww7c-cg24

Information Disclosure Race Condition

8.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 15, 2026 - 10:30 vuln.today

CVE Published

May 15, 2026 - 09:00 nvd

HIGH 8.4

DescriptionNVD

Permission control vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability.

AnalysisAI

Race condition in HarmonyOS web component enables local privilege escalation to full system compromise without authentication. The TOCTOU flaw (CWE-362) allows local attackers to achieve high confidentiality, integrity, and availability impact through unauthorized permission escalation. …

RemediationAI

Within 24 hours: Inventory all HarmonyOS mobile and laptop devices in your environment and identify their current firmware versions. Within 7 days: Consult Huawei's May 2026 security bulletins to confirm patch availability for your specific device models and apply vendor-released patches to all affected systems according to the rollout plan. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-41964 vulnerability details – vuln.today

Back

HarmonyOS CVE-2026-41964

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code