Huawei Harmonyos vulnerabilities

CVE-2026-28536 [HIGH] CWE-305 CVE-2026-28536: Authentication bypass vulnerability in the device authentication module. Impact: Successful exploita Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CVE-2026-28552 [HIGH] CWE-19 CVE-2026-28552: Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnera Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2026-28543 [MEDIUM] CWE-362 CVE-2026-28543: Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitat Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2026-28546 [MEDIUM] CWE-122 CVE-2026-28546: Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulner Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2026-28541 [MEDIUM] CWE-264 CVE-2026-28541: Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of thi Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2026-28547 [MEDIUM] CWE-824 CVE-2026-28547: Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitatio Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2026-28539 [MEDIUM] CWE-19 CVE-2026-28539: Data processing vulnerability in the certificate management module. Impact: Successful exploitation Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2026-28545 [MEDIUM] CWE-362 CVE-2026-28545: Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnera Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2026-28550 [MEDIUM] CWE-840 CVE-2026-28550: Race condition vulnerability in the security control module. Impact: Successful exploitation of this Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2026-28551 [MEDIUM] CWE-362 CVE-2026-28551: Race condition vulnerability in the device security management module. Impact: Successful exploitati Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2026-28544 [MEDIUM] CWE-362 CVE-2026-28544: Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnera Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2025-66319 [MEDIUM] CWE-264 CVE-2025-66319: Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2026-28542 [MEDIUM] CWE-755 CVE-2026-28542: Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2026-28549 [MEDIUM] CWE-362 CVE-2026-28549: Race condition vulnerability in the permission management service. Impact: Successful exploitation o Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2026-28548 [MEDIUM] CWE-269 CVE-2026-28548: Vulnerability of improper verification in the email application. Impact: Successful exploitation of Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2026-28538 [MEDIUM] CWE-24 CVE-2026-28538: Path traversal vulnerability in the certificate management module. Impact: Successful exploitation o Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2026-28537 [MEDIUM] CWE-415 CVE-2026-28537: Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerabilit Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability.

CVE-2026-28540 [LOW] CWE-158 CVE-2026-28540: Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vul Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2026-24921 [HIGH] CWE-125 CVE-2026-24921: Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

CVE-2026-24915 [HIGH] CWE-125 CVE-2026-24915: Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerabili Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.