Severity by source
AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionCVE.org
UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.
AnalysisAI
Use-after-free vulnerability in Huawei HarmonyOS communication module allows authenticated local attackers with high privileges to cause denial of service through a race condition. CVSS score of 4.1 reflects low attack complexity and local-only vector, though availability impact is significant. No public exploit code or active exploitation confirmed at time of analysis.
Technical ContextAI
The vulnerability exists in the communication module of Huawei HarmonyOS and is rooted in a race condition (CWE-362) that results in a use-after-free memory safety error. Race conditions occur when multiple threads access shared memory without proper synchronization, allowing one thread to free memory while another thread attempts to use it. In this communication module context, timing-dependent access to freed memory objects can lead to unpredictable behavior and resource exhaustion. The affected product is identified via CPE cpe:2.3:a:huawei:harmonyos:*:*:*:*:*:*:*:* spanning all versions of HarmonyOS across consumer devices.
RemediationAI
Users should consult Huawei's official security bulletins at https://consumer.huawei.com/en/support/bulletin/2026/4/ (consumer devices), https://consumer.huawei.com/en/support/bulletinvision/2026/4/ (vision devices), and https://consumer.huawei.com/en/support/bulletinwearables/2026/4/ (wearables) for available patches and update instructions. Check the applicable bulletin for your device type and HarmonyOS version, then apply the recommended firmware update. Until patched, restrict high-privilege local access to affected HarmonyOS devices where feasible, though this control is difficult to enforce on consumer devices without specialized device management.
Same weakness CWE-362 – Race Condition
View allSame technique Race Condition
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21836