Skip to main content

HarmonyOS Bluetooth CVE-2026-58556

| EUVDEUVD-2026-44663 MEDIUM
Permissions, Privileges, and Access Controls (CWE-264)
2026-07-15 huawei GHSA-vc9f-285p-f5rf
5.1
CVSS 3.1 · Vendor: huawei
Share

Severity by source

Vendor (huawei) PRIMARY
5.1 MEDIUM
AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
vuln.today AI
5.1 MEDIUM

Local-only access required with no prior privileges; limited confidentiality leak and availability disruption without integrity impact, consistent with Bluetooth permission bypass description.

3.1 AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
4.0 AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (huawei).

CVSS VectorVendor: huawei

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jul 15, 2026 - 13:22 vuln.today

DescriptionCVE.org

Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect availability.

AnalysisAI

Permission control failure in the Bluetooth module of Huawei HarmonyOS and EMUI exposes devices to local exploitation that can degrade Bluetooth service availability and leak limited data. The flaw, classified under CWE-264, allows a local process operating without elevated privileges to bypass Bluetooth permission enforcement, potentially disrupting connectivity or reading restricted information. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Install malicious app on Huawei device
Exploit
Invoke unguarded Bluetooth system service API
Execution
Bypass permission control check
Impact
Read limited Bluetooth data or disrupt Bluetooth service

Vulnerability AssessmentAI

Exploitation Exploitation requires that an attacker have the ability to execute code locally on the target device - either via a malicious app installed by the user, a previously compromised application, or physical access. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 5.1 (Medium) reflects a local-only attack vector with no privilege requirement, no user interaction, and limited dual impact on confidentiality and availability (C:L/I:N/A:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A malicious application installed on a Huawei HarmonyOS or EMUI device without Bluetooth-specific permissions invokes an insufficiently guarded Bluetooth system service API, bypassing the expected permission check. The app either reads limited Bluetooth-related data or sends control commands that disrupt the Bluetooth service, degrading connectivity for the device user. …
Remediation Apply the security update referenced in Huawei's July 2026 security bulletin at https://consumer.huawei.com/en/support/bulletin/2026/7/; the exact patched HarmonyOS and EMUI version numbers are not specified in the available data and must be confirmed against the bulletin directly. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-58556 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy