Skip to main content

Huawei HarmonyOS EUVDEUVD-2026-30527

| CVE-2026-41971 MEDIUM
Business Logic Errors (CWE-840)
2026-05-15 huawei GHSA-qh29-mq6c-xg5v
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
May 15, 2026 - 10:31 vuln.today
CVE Published
May 15, 2026 - 09:18 nvd
MEDIUM 5.5

DescriptionCVE.org

Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

AnalysisAI

Information disclosure in Huawei HarmonyOS security control module allows local attackers with user interaction to read sensitive data. The vulnerability stems from improper permission control in the security module, enabling unauthorized access to confidential information without requiring elevated privileges. CVSS 5.5 indicates moderate severity with local attack vector; no KEV status or public exploit confirmed at time of analysis.

Technical ContextAI

The vulnerability exists in HarmonyOS security control module, affecting permission enforcement logic (CWE-840: Use of Insufficiently Random Values). The attack vector is local (AV:L) with low attack complexity (AC:L), indicating the flaw is exploitable through direct system access without sophisticated techniques. The requirement for user interaction (UI:R) and unprivileged user context (PR:N) suggests the vulnerability may be triggered through user actions or UI elements that inadvertently expose protected data. The confidentiality impact is rated high (C:H) with no integrity or availability impact, confirming the vulnerability enables data reading, not modification or denial of service.

RemediationAI

Apply Huawei security update referenced in official advisories at https://consumer.huawei.com/en/support/bulletin/2026/5/ and https://consumer.huawei.com/en/support/bulletinlaptops/2026/5/. Exact patched version numbers are not specified in available references; consult Huawei support directly or check device settings for available security patches. Until patching, restrict local system access to trusted users and disable user-facing features that trigger permission control logic if they can be identified through Huawei documentation or support channels. Educate users to avoid actions that may trigger the vulnerability if specific user interaction patterns are documented by Huawei.

Share

EUVD-2026-30527 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy