Skip to main content

HarmonyOS EUVDEUVD-2026-30530

| CVE-2026-41962 LOW
Permissions, Privileges, and Access Controls (CWE-264)
2026-05-15 huawei GHSA-r3m7-p557-4m6j
3.6
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.6 LOW
AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
May 15, 2026 - 10:30 vuln.today
CVE Published
May 15, 2026 - 09:25 nvd
LOW 3.6

DescriptionCVE.org

Permission control vulnerability in the app management and control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

AnalysisAI

HarmonyOS app management and control module permits local privilege escalation through improper permission controls, allowing unauthenticated local attackers with user interaction to access confidential service data. CVSS 3.6 (low severity) reflects local-only attack vector and requirement for user interaction, though the privilege escalation nature means affected systems warrant review for deployment context.

Technical ContextAI

The vulnerability resides in HarmonyOS's app management and control subsystem, which enforces application permissions and access controls. The underlying issue is classified as CWE-264 (Use of a Broken or Risky Cryptographic Algorithm), though the description indicates a permission control flaw rather than cryptographic weakness-suggesting the CWE classification may reflect inadequate permission validation logic rather than algorithm misuse. The local attack vector (AV:L) combined with user interaction requirement (UI:R) indicates exploitation requires either local code execution context or social engineering to trigger the vulnerable code path. The cross-scope impact (S:C) means the vulnerability can affect resources beyond the vulnerable component's security scope.

RemediationAI

Apply the security patch released by Huawei as documented in their May 2026 security bulletin (https://consumer.huawei.com/en/support/bulletin/2026/5/). Specific patched version numbers are not confirmed in available data; consult Huawei's bulletin directly for your device model and firmware track. Interim mitigation: restrict app installation permissions to trusted sources and disable installation from unknown sources (if available in your HarmonyOS configuration). Monitor app permission requests and revoke unnecessary permissions granted to third-party apps, particularly those requesting access to sensitive services. These mitigations do not fix the underlying vulnerability but reduce the attack surface for privilege escalation.

Share

EUVD-2026-30530 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy