Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
AnalysisAI
Information disclosure in Huawei HarmonyOS security control module allows local attackers with user interaction to read sensitive data. The vulnerability stems from improper permission control in the security module, enabling unauthorized access to confidential information without requiring elevated privileges. CVSS 5.5 indicates moderate severity with local attack vector; no KEV status or public exploit confirmed at time of analysis.
Technical ContextAI
The vulnerability exists in HarmonyOS security control module, affecting permission enforcement logic (CWE-840: Use of Insufficiently Random Values). The attack vector is local (AV:L) with low attack complexity (AC:L), indicating the flaw is exploitable through direct system access without sophisticated techniques. The requirement for user interaction (UI:R) and unprivileged user context (PR:N) suggests the vulnerability may be triggered through user actions or UI elements that inadvertently expose protected data. The confidentiality impact is rated high (C:H) with no integrity or availability impact, confirming the vulnerability enables data reading, not modification or denial of service.
RemediationAI
Apply Huawei security update referenced in official advisories at https://consumer.huawei.com/en/support/bulletin/2026/5/ and https://consumer.huawei.com/en/support/bulletinlaptops/2026/5/. Exact patched version numbers are not specified in available references; consult Huawei support directly or check device settings for available security patches. Until patching, restrict local system access to trusted users and disable user-facing features that trigger permission control logic if they can be identified through Huawei documentation or support channels. Educate users to avoid actions that may trigger the vulnerability if specific user interaction patterns are documented by Huawei.
Same weakness CWE-840 – Business Logic Errors
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30527
GHSA-qh29-mq6c-xg5v