CRITICAL🇵🇱 Wersja polska

CVE-2026-34865

CVSS 10.0v4.0pub. 2026-04-13upd. 2026-04-17

Out-of-bounds write vulnerability in the WEB module.Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

🤖 AI Analysis
How it works

The error consists of writing data beyond the boundaries of allocated heap buffer (heap buffer overflow) in the WEB module of HarmonyOS. An attacker can provide specially crafted input data that causes memory overwrite exceeding the designated area. Due to the network vector (AV:N), lack of authentication requirements (PR:N), and user interaction (UI:N), the exploit can be performed remotely without any cooperation from the victim.

Impact

Successful exploitation of the vulnerability may lead to breach of data confidentiality (e.g., disclosure of information from process memory) and loss of system availability (crash, denial of service, or potential arbitrary code execution). The impact includes both the system and resources of related components.

Mitigation & patch

Apply patches available from the manufacturer according to the references: https://consumer.huawei.com/en/support/bulletinwearables/2026/4/. It is recommended to implement firmware updates for Huawei devices running HarmonyOS as soon as possible.

Who is affected

Huawei HarmonyOS operating system — specific versions indicated in the manufacturer's references (Huawei Security Bulletin, April 2026, wearables section).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Huawei Harmonyos

    OS
    Huawei
    6.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2026-28536CRITICAL9.6PL ✓ten sam produkt

Pominięcie uwierzytelnienia w module autoryzacji urządzeń Huawei HarmonyOS

CVE-2025-64314CRITICAL9.3PL ✓ten sam produkt

Błąd kontroli uprawnień w module zarządzania pamięcią Huawei HarmonyOS

CVE-2024-42037CRITICAL9.3PL ✓ten sam produkt

Nieobsłużony wyjątek w module Graphics systemów Huawei EMUI/HarmonyOS

CVE-2024-39671CRITICAL9.3PL ✓ten sam produkt

Podatność kontroli dostępu w module weryfikacji bezpieczeństwa Huawei

CVE-2023-52538CRITICAL9.1PL ✓ten sam produkt

Ominięcie weryfikacji nazwy pakietu w module HwIms (Huawei EMUI/HarmonyOS)