Severity by source
AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
Lifecycle Timeline
4DescriptionCVE.org
Race condition vulnerability in the event notification module. Impact: Successful exploitation of this vulnerability may affect availability.
AnalysisAI
Race condition in Huawei HarmonyOS event notification module allows local authenticated users with user interaction to cause denial of service through availability impact. The vulnerability requires local access, high attack complexity, and user interaction; with a CVSS score of 2.2, it represents minimal real-world risk. No public exploit code or active exploitation has been confirmed at this time.
Technical ContextAI
The vulnerability exists in HarmonyOS's event notification module and is classified as a race condition (CWE-362), a timing-dependent flaw where improper synchronization between concurrent operations allows an attacker to manipulate state during a narrow window. The affected product is Huawei HarmonyOS across multiple versions (cpe:2.3:a:huawei:harmonyos:*:*:*:*:*:*:*:*), indicating the flaw is present in a range of releases. Race conditions in event handling systems typically arise from unsynchronized access to shared resources during notification processing, which can result in logic errors or resource exhaustion when exploited by manipulating timing of concurrent operations.
RemediationAI
Users should consult Huawei's official security bulletins at https://consumer.huawei.com/en/support/bulletin/2026/4/ (consumer devices) and https://consumer.huawei.com/en/support/bulletinlaptops/2026/4/ (laptops) for specific patched HarmonyOS versions and deployment instructions. Apply the recommended security update when available from Huawei. Given the low CVSS score (2.2) and high attack complexity, patching can be scheduled as part of routine maintenance rather than emergency response. No workarounds are documented; patching is the primary remediation path.
Same weakness CWE-362 – Race Condition
View allSame technique Race Condition
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21794