Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionCVE.org
Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect integrity and confidentiality.
AnalysisAI
Permission control failure in the HarmonyOS print module allows a local attacker - without requiring elevated privileges - to compromise system integrity through user-triggered interaction. The vulnerability resides in Huawei's HarmonyOS, disclosed via the June 2026 Huawei Security Bulletin, and carries a CVSS 5.5 (Medium) rating. No public exploit code has been identified at time of analysis, and it does not appear in the CISA KEV catalog, though the high integrity impact warrants attention in enterprise HarmonyOS deployments.
Technical ContextAI
The vulnerability affects the print module of Huawei HarmonyOS, identified via CPE cpe:2.3:a:huawei:harmonyos:*:*:*:*:*:*:*:*. The CWE assigned is CWE-701 ('Weaknesses Introduced During Design'), which is a high-level category/pillar rather than a specific weakness class - atypically broad for a CVE assignment. In context, the root cause is most consistent with improper access control or incorrect permission assignment within the print subsystem, likely a design-level failure to enforce permission boundaries when the print module processes or passes data. The CVSS vector (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) indicates a locally exploitable flaw that requires user interaction but no pre-existing privileges, resulting in high integrity impact with no confidentiality or availability consequence. Notably, the 'Information Disclosure' tag in the source intelligence conflicts with the CVSS confidentiality score of C:N - this inconsistency should be verified against the vendor bulletin.
RemediationAI
Apply the patch or update referenced in the Huawei June 2026 Security Bulletin (https://consumer.huawei.com/en/support/bulletin/2026/6/ and the laptops equivalent at https://consumer.huawei.com/en/support/bulletinlaptops/2026/6/). No specific fixed version number was included in the available intelligence data, so administrators should consult those bulletins directly to obtain the precise patched release and apply it through Huawei's standard OTA or device management update mechanisms. As a compensating control where patching is not immediately possible, restricting or disabling access to the print module for untrusted or low-trust user sessions reduces the exploitable surface, though this will interrupt legitimate print functionality. Monitoring for unexpected permission changes or print module activity via system logs can serve as a detection measure while remediation is pending.
Same weakness CWE-701 – Weaknesses Introduced During Design
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35329
GHSA-vcvh-2xwm-mp64