Out-of-bounds write vulnerability in the WEB module.Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
The error consists of writing data beyond the boundaries of allocated heap buffer (heap buffer overflow) in the WEB module of HarmonyOS. An attacker can provide specially crafted input data that causes memory overwrite exceeding the designated area. Due to the network vector (AV:N), lack of authentication requirements (PR:N), and user interaction (UI:N), the exploit can be performed remotely without any cooperation from the victim.
Successful exploitation of the vulnerability may lead to breach of data confidentiality (e.g., disclosure of information from process memory) and loss of system availability (crash, denial of service, or potential arbitrary code execution). The impact includes both the system and resources of related components.
Apply patches available from the manufacturer according to the references: https://consumer.huawei.com/en/support/bulletinwearables/2026/4/. It is recommended to implement firmware updates for Huawei devices running HarmonyOS as soon as possible.
Huawei HarmonyOS operating system — specific versions indicated in the manufacturer's references (Huawei Security Bulletin, April 2026, wearables section).
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XHuawei Harmonyos
OSHuawei6.0.0
Related vulnerabilities
Pominięcie uwierzytelnienia w module autoryzacji urządzeń Huawei HarmonyOS
Błąd kontroli uprawnień w module zarządzania pamięcią Huawei HarmonyOS
Nieobsłużony wyjątek w module Graphics systemów Huawei EMUI/HarmonyOS
Podatność kontroli dostępu w module weryfikacji bezpieczeństwa Huawei
Ominięcie weryfikacji nazwy pakietu w module HwIms (Huawei EMUI/HarmonyOS)