Skip to main content

Huawei HarmonyOS CVE-2026-41965

| EUVDEUVD-2026-30526 MEDIUM
Business Logic Errors (CWE-840)
2026-05-15 huawei GHSA-rmrw-m86p-jc3w
5.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.6 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Analysis Generated
May 15, 2026 - 10:30 vuln.today
CVE Published
May 15, 2026 - 09:06 nvd
MEDIUM 5.6

DescriptionCVE.org

Use-After-Free (UAF) vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability.

AnalysisAI

Use-after-free vulnerability in Huawei HarmonyOS web components allows remote attackers to disclose sensitive information and cause limited integrity and availability impact. The vulnerability requires high attack complexity but can be triggered without authentication or user interaction over the network, affecting confidentiality, integrity, and availability with low severity (CVSS 5.6). No active exploitation has been publicly confirmed.

Technical ContextAI

The vulnerability is a use-after-free (UAF) memory corruption flaw classified under CWE-840 (Use of Incorrectly Resolved Name or Reference), occurring within web-related components of HarmonyOS. Use-after-free vulnerabilities arise when code attempts to access memory that has been deallocated, potentially allowing attackers to read sensitive data from freed memory regions or corrupt heap structures. The web component context suggests the flaw exists in browser, WebView, or HTML rendering subsystems. The high attack complexity (AC:H) indicates successful exploitation requires specific timing conditions, race conditions, or precise triggering of memory management edge cases that are not trivial to reproduce reliably.

RemediationAI

Apply the security update provided by Huawei through the official bulletins at https://consumer.huawei.com/en/support/bulletin/2026/5/ and https://consumer.huawei.com/en/support/bulletinlaptops/2026/5/. Specific patched version numbers are not available in provided data - consult the vendor bulletins for exact firmware versions to upgrade to. Until patching is possible, restrict network access to web components by disabling or sandboxing web browsing features if operationally feasible, though this provides only partial mitigation given the remote network vector. Implement network segmentation to limit exposure of affected HarmonyOS devices to untrusted networks.

Share

CVE-2026-41965 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy