Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.
AnalysisAI
Arbitrary code execution in OpenHarmony v6.0 and earlier enables remote attackers with low privileges to execute code within pre-installed apps via an out-of-bounds write (CWE-787). The CVSS 8.8 vector reflects network-reachable exploitation with low complexity and no user interaction once minimal privileges are obtained, yielding high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Technical ContextAI
OpenHarmony is an open-source distributed operating system stewarded by the OpenAtom Foundation, deployed across IoT, smart-home, wearable, automotive, and mobile-class devices, with pre-installed system apps that run with elevated platform privileges. The root cause is CWE-787 (out-of-bounds write) - a memory-safety class in which untrusted input causes the program to write past an allocated buffer boundary, corrupting adjacent heap or stack memory and enabling control-flow hijack when crafted data overwrites function pointers, return addresses, or object vtables. The CPE cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:* indicates the flaw resides in the OpenHarmony platform itself rather than a third-party component, and the 'pre-installed apps' wording implies the vulnerable code path is reachable through application surfaces shipped by default with the OS image.
RemediationAI
Upgrade to a release later than OpenHarmony v6.0 once the OpenAtom Foundation publishes a fixed build; the input does not include an explicit fix version, so this should be treated as 'Patch available per vendor advisory' and the exact target version must be read from the OpenHarmony April 2026 security bulletin at https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-04.md. Until a patched firmware image is deployed, restrict network exposure of affected devices by placing them on isolated VLANs that block inbound connections from untrusted networks, disable or remove non-essential pre-installed apps if the OEM build permits it, and constrain which local accounts can install or interact with vulnerable components (since exploitation requires PR:L). Note that VLAN segmentation breaks remote-management tooling and removing pre-installed apps may degrade vendor-supplied features such as OTA updates or telemetry, so validate these controls in a pilot fleet before broad rollout.
More in Openharmony
View allin OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through
in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sens
in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through improper in
in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after f
in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use aft
OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softb
OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. Rated high severity (CVSS 8.8), this vulne
Out-of-bounds write in OpenHarmony v6.0 and earlier enables a local low-privileged attacker to corrupt memory and trigge
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30829
GHSA-fpp4-pf9w-p6rr