Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
DoS vulnerability in the browser kernel. Impact: Successful exploitation of this vulnerability may affect availability.
AnalysisAI
Denial-of-service in the HarmonyOS browser kernel component allows a remote unauthenticated attacker to degrade availability on affected Huawei devices by luring a user into visiting a malicious page or interacting with crafted content. Exploitation requires user interaction (UI:R per CVSS), limiting opportunistic reach, but the network-accessible attack vector (AV:N) and low complexity (AC:L) make delivery straightforward once a user is socially engineered. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Technical ContextAI
The affected component is the browser kernel within Huawei HarmonyOS, the proprietary operating system deployed across Huawei smartphones, wearables, and laptops. CWE-399 (Resource Management Errors) identifies the root cause class - the browser kernel fails to properly manage a resource (memory, handles, or connections) under attacker-controlled input, leading to resource exhaustion or an unrecoverable error state. This class of flaw typically manifests as uncontrolled memory consumption, object reference mismanagement, or failure to release acquired resources, ultimately crashing or hanging the browser process. The CPE string cpe:2.3:a:huawei:harmonyos:*:*:*:*:*:*:*:* covers all tracked versions of HarmonyOS without a bounded version range, suggesting Huawei has not yet published precise affected-version boundaries in machine-readable form.
RemediationAI
Apply the security updates published by Huawei in their June 2026 security bulletins for the applicable device class: smartphones at https://consumer.huawei.com/en/support/bulletin/2026/6/, wearables at https://consumer.huawei.com/en/support/bulletinwearables/2026/6/, and laptops at https://consumer.huawei.com/en/support/bulletinlaptops/2026/6/. An exact patched build version is not independently confirmed from the available data - consult the bulletin directly for the specific firmware or HarmonyOS version that addresses CVE-2026-41983. As an interim compensating control, users can avoid navigating to untrusted or unverified web content in the HarmonyOS native browser, or switch to an alternative browser application until the patch is applied; this trades browsing convenience for a meaningful reduction in attack surface given the UI:R exploitation requirement.
Same weakness CWE-399 – Resource Management Errors
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35355
GHSA-767p-cppf-v3v3