Skip to main content

EUVDEUVD-2026-21794

| CVE-2026-34851 LOW
Race Condition (CWE-362)
2026-04-13 huawei
2.2
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
2.2 LOW
AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

4
Analysis Generated
Apr 13, 2026 - 04:25 vuln.today
EUVD ID Assigned
Apr 13, 2026 - 04:15 euvd
EUVD-2026-21794
Analysis Generated
Apr 13, 2026 - 04:15 vuln.today
CVE Published
Apr 13, 2026 - 03:44 nvd
LOW 2.2

DescriptionCVE.org

Race condition vulnerability in the event notification module. Impact: Successful exploitation of this vulnerability may affect availability.

AnalysisAI

Race condition in Huawei HarmonyOS event notification module allows local authenticated users with user interaction to cause denial of service through availability impact. The vulnerability requires local access, high attack complexity, and user interaction; with a CVSS score of 2.2, it represents minimal real-world risk. No public exploit code or active exploitation has been confirmed at this time.

Technical ContextAI

The vulnerability exists in HarmonyOS's event notification module and is classified as a race condition (CWE-362), a timing-dependent flaw where improper synchronization between concurrent operations allows an attacker to manipulate state during a narrow window. The affected product is Huawei HarmonyOS across multiple versions (cpe:2.3:a:huawei:harmonyos:*:*:*:*:*:*:*:*), indicating the flaw is present in a range of releases. Race conditions in event handling systems typically arise from unsynchronized access to shared resources during notification processing, which can result in logic errors or resource exhaustion when exploited by manipulating timing of concurrent operations.

RemediationAI

Users should consult Huawei's official security bulletins at https://consumer.huawei.com/en/support/bulletin/2026/4/ (consumer devices) and https://consumer.huawei.com/en/support/bulletinlaptops/2026/4/ (laptops) for specific patched HarmonyOS versions and deployment instructions. Apply the recommended security update when available from Huawei. Given the low CVSS score (2.2) and high attack complexity, patching can be scheduled as part of routine maintenance rather than emergency response. No workarounds are documented; patching is the primary remediation path.

Share

EUVD-2026-21794 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy