Skip to main content

EUVDEUVD-2026-21846

| CVE-2026-34864 MEDIUM
Buffer Overflow (CWE-119)
2026-04-13 huawei GHSA-qrvp-579j-2cf5
6.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

4
Analysis Generated
Apr 13, 2026 - 05:27 vuln.today
EUVD ID Assigned
Apr 13, 2026 - 05:15 euvd
EUVD-2026-21846
Analysis Generated
Apr 13, 2026 - 05:15 vuln.today
CVE Published
Apr 13, 2026 - 04:11 nvd
MEDIUM 6.8

DescriptionCVE.org

Boundary-unlimited vulnerability in the application read module. Impact: Successful exploitation of this vulnerability may affect availability.

AnalysisAI

Local privilege escalation in HarmonyOS application read module allows unauthenticated local attackers to cause memory corruption through a boundary-unlimited buffer overflow, potentially achieving code execution or system crash with high availability impact. CVSS 6.8 reflects local attack vector with integrity and availability consequences. Huawei has released security bulletins addressing this CWE-119 vulnerability affecting HarmonyOS devices.

Technical ContextAI

This vulnerability is a classic boundary-unlimited buffer overflow (CWE-119) in HarmonyOS's application read module, a component responsible for reading and processing application data or resources. The root cause is insufficient bounds checking when writing to a fixed-size memory buffer, allowing an attacker to overflow the buffer and corrupt adjacent memory. The CVSS vector (AV:L/AC:L/PR:N/UI:N/S:U) indicates this is a local privilege escalation requiring only file system or local process access, with no prerequisites or user interaction needed. The affected products are all versions of HarmonyOS (CPE: cpe:2.3:a:huawei:harmonyos:*:*:*:*:*:*:*:*), suggesting this is a foundational issue in the OS kernel or core libraries rather than a specific version.

RemediationAI

Apply the security updates provided in Huawei's official security bulletins. Visit https://consumer.huawei.com/en/support/bulletin/2026/4/ for consumer HarmonyOS devices and https://consumer.huawei.com/en/support/bulletinwearables/2026/4/ for wearable devices to identify the exact patched firmware version for your device model. Huawei will provide specific firmware version numbers and over-the-air update instructions through these channels. Until patches are applied, restrict physical access to devices and avoid installing untrusted applications from non-official sources, as this vulnerability requires local access to exploit.

Share

EUVD-2026-21846 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy