Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Local-only access required with no prior privileges; limited confidentiality leak and availability disruption without integrity impact, consistent with Bluetooth permission bypass description.
Primary rating from Vendor (huawei).
CVSS VectorVendor: huawei
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect availability.
AnalysisAI
Permission control failure in the Bluetooth module of Huawei HarmonyOS and EMUI exposes devices to local exploitation that can degrade Bluetooth service availability and leak limited data. The flaw, classified under CWE-264, allows a local process operating without elevated privileges to bypass Bluetooth permission enforcement, potentially disrupting connectivity or reading restricted information. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that an attacker have the ability to execute code locally on the target device - either via a malicious app installed by the user, a previously compromised application, or physical access. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 5.1 (Medium) reflects a local-only attack vector with no privilege requirement, no user interaction, and limited dual impact on confidentiality and availability (C:L/I:N/A:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A malicious application installed on a Huawei HarmonyOS or EMUI device without Bluetooth-specific permissions invokes an insufficiently guarded Bluetooth system service API, bypassing the expected permission check. The app either reads limited Bluetooth-related data or sends control commands that disrupt the Bluetooth service, degrading connectivity for the device user. … |
| Remediation | Apply the security update referenced in Huawei's July 2026 security bulletin at https://consumer.huawei.com/en/support/bulletin/2026/7/; the exact patched HarmonyOS and EMUI version numbers are not specified in the available data and must be confirmed against the bulletin directly. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Harmony Os
View allLocal information disclosure in Huawei HarmonyOS and EMUI stems from a flawed permission-control check in the file syste
Uncontrolled memory allocation in Huawei's vibration service crashes affected HarmonyOS and EMUI devices, resulting in a
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44663
GHSA-vc9f-285p-f5rf