Skip to main content

Aiassistant EUVDEUVD-2026-24063

| CVE-2026-31368 HIGH
Improper Privilege Management (CWE-269)
2026-04-21 Honor GHSA-jm5q-gx4v-rpxq
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Re-analysis Queued
Apr 21, 2026 - 16:22 vuln.today
cvss_changed
Analysis Generated
Apr 21, 2026 - 07:26 vuln.today
EUVD ID Assigned
Apr 21, 2026 - 07:15 euvd
EUVD-2026-24063
Analysis Generated
Apr 21, 2026 - 07:15 vuln.today
CVE Published
Apr 21, 2026 - 06:40 nvd
HIGH 7.8

DescriptionCVE.org

AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.

AnalysisAI

Local privilege escalation in Honor AiAssistant (all versions) allows authenticated users with low privileges to gain full system control (high impact on confidentiality, integrity, and availability) through authentication bypass. Vendor advisory confirmed by Honor with CVSS 7.8. No active exploitation confirmed; EPSS data not yet available as this is a recently disclosed 2026 CVE.

Technical ContextAI

The vulnerability is classified as an authentication bypass affecting Honor's AiAssistant application, likely an AI-powered digital assistant component in Honor devices. The 'type privilege bypass' description suggests a flaw in the privilege validation mechanism that incorrectly handles type checking or type confusion when verifying user permissions. This class of vulnerability typically occurs when an application fails to properly validate user privilege levels during sensitive operations, allowing a lower-privileged user to execute functions intended for higher privilege levels. The local attack vector (AV:L) indicates the flaw exists in client-side privilege enforcement rather than network-accessible services. The affected product CPE indicates all versions of AiAssistant are vulnerable, though specific version ranges are not provided in available data.

RemediationAI

Apply the vendor security update for AiAssistant as detailed in Honor's official security advisory at https://www.honor.com/global/security/cve-2026-31368/. The exact patched version number is not specified in available data; users should check the Honor advisory page or device system update mechanism for the latest security patch. For Honor device owners, navigate to Settings > System & updates > Software update and install all available security patches. If immediate patching is not feasible, consider disabling or restricting the AiAssistant application through device settings, though this eliminates assistant functionality. Enterprise deployments should restrict local user access on shared Honor devices and implement mobile device management (MDM) policies that enforce automatic security updates. Note that disabling AiAssistant may impact user experience features dependent on AI assistance, and no temporary workaround preserves full functionality while mitigating risk.

Share

EUVD-2026-24063 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy