Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.
AnalysisAI
Local privilege escalation in Honor AiAssistant (all versions) allows authenticated users with low privileges to gain full system control (high impact on confidentiality, integrity, and availability) through authentication bypass. Vendor advisory confirmed by Honor with CVSS 7.8. No active exploitation confirmed; EPSS data not yet available as this is a recently disclosed 2026 CVE.
Technical ContextAI
The vulnerability is classified as an authentication bypass affecting Honor's AiAssistant application, likely an AI-powered digital assistant component in Honor devices. The 'type privilege bypass' description suggests a flaw in the privilege validation mechanism that incorrectly handles type checking or type confusion when verifying user permissions. This class of vulnerability typically occurs when an application fails to properly validate user privilege levels during sensitive operations, allowing a lower-privileged user to execute functions intended for higher privilege levels. The local attack vector (AV:L) indicates the flaw exists in client-side privilege enforcement rather than network-accessible services. The affected product CPE indicates all versions of AiAssistant are vulnerable, though specific version ranges are not provided in available data.
RemediationAI
Apply the vendor security update for AiAssistant as detailed in Honor's official security advisory at https://www.honor.com/global/security/cve-2026-31368/. The exact patched version number is not specified in available data; users should check the Honor advisory page or device system update mechanism for the latest security patch. For Honor device owners, navigate to Settings > System & updates > Software update and install all available security patches. If immediate patching is not feasible, consider disabling or restricting the AiAssistant application through device settings, though this eliminates assistant functionality. Enterprise deployments should restrict local user access on shared Honor devices and implement mobile device management (MDM) policies that enforce automatic security updates. Note that disabling AiAssistant may impact user experience features dependent on AI assistance, and no temporary workaround preserves full functionality while mitigating risk.
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-24063
GHSA-jm5q-gx4v-rpxq