cvebase

OpenHarmony vulnerabilities

177 known vulnerabilities affecting openharmony/openharmony.

Total CVEs: 177
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 66, MEDIUM 96, LOW 10

Vulnerabilities

Page 1 of 9
CVE-2026-27648 | P2 | HIGH | CVSS 8.8 | ≥ v5.0.3, ≤ v6.0 | 2026-05-19
CWE-787: in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.
Source: nvd
CVE-2024-37185 | P2 | CRITICAL | CVSS 9.8 | ≥ v4.0.0, ≤ 4.0.1 | 2024-07-02
CWE-787: in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.
Source: nvd
CVE-2024-37077 | P2 | CRITICAL | CVSS 9.8 | ≥ v4.0.0, ≤ 4.0.1 | 2024-07-02
CWE-787: in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.
Source: nvd
CVE-2024-37030 | P2 | CRITICAL | CVSS 9.8 | ≥ v4.0.0, ≤ 4.0.1 | 2024-07-02
CWE-416: in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through use after free.
Source: nvd
CVE-2024-36260 | P2 | CRITICAL | CVSS 9.8 | ≥ v4.0.0, ≤ 4.0.1 | 2024-07-02
CWE-787: in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.
Source: nvd
CVE-2024-36243 | P3 | CRITICAL | CVSS 9.8 | ≥ v4.0.0, ≤ 4.0.1 | 2024-07-02
CWE-125: in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write.
Source: nvd
CVE-2026-24792 | P3 | HIGH | CVSS 8.1 | ≥ v5.0.3, ≤ v6.0 | 2026-05-19
CWE-364: in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.
Source: nvd
CVE-2022-42463 | P3 | HIGH | CVSS 8.8 | ≥ 3.1, ≤ 3.1.2; ≥ OpenHarmony-v3.1.x-Release, ≤ 3.1.2 | 2022-10-14
CWE-287: OpenHarmony-v3.1.2 and prior versions have an authentication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands.
Source: nvd
CVE-2023-45734 | P3 | HIGH | CVSS 8.8 | ≥ v3.2.0, ≤ v3.2.4 | 2024-02-02
CWE-787: in OpenHarmony v3.2.4 and prior versions allow an adjacent attacker arbitrary code execution through out-of-bounds write.
Source: nvd
CVE-2024-21860 | P3 | HIGH | CVSS 8.8 | ≥ v3.2.0, ≤ v3.2.4; ≥ v4.0.0, < v4.0.1 | 2024-02-02
CWE-416: in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free.
Source: nvd
CVE-2022-38700 | P3 | HIGH | CVSS 8.8 | v3.1.1; ≥ OpenHarmony-v3.1.x-Release, ≤ 3.1.1 | 2022-09-09
CWE-305: OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service.
Source: nvd
CVE-2024-22098 | P3 | HIGH | CVSS 8.8 | ≥ v3.2.0, ≤ v3.2.4 | 2024-04-02
CWE-416: in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free.
Source: nvd
CVE-2025-22851 | P3 | HIGH | CVSS 8.8 | ≥ v4.1.0, ≤ v5.0.2 | 2025-04-07
CWE-190: in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow.
Source: nvd
CVE-2024-29074 | P3 | HIGH | CVSS 8.8 | ≥ v3.2.0, ≤ v3.2.4 | 2024-04-02
CWE-20: in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through improper input.
Source: nvd
CVE-2024-47398 | P3 | HIGH | CVSS 8.8 | ≥ v4.1.0, ≤ 4.1.2 | 2025-01-07
CWE-787: in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the device is unable to boot up through out-of-bounds write.
Source: nvd
CVE-2023-0036 | P3 | HIGH | CVSS 7.8 | ≥ 3.0, ≤ 3.0.5 | 2023-01-09
CWE-287: platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege.
Source: nvd
CVE-2023-0035 | P3 | HIGH | CVSS 7.8 | ≥ 3.0, ≤ 3.0.5 | 2023-01-09
CWE-287: softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack". Local attackers can bypass authentication and attack other SAs with high privilege.
Source: nvd
CVE-2025-41432 | P3 | HIGH | CVSS 7.8 | ≥ v5.0.3, ≤ v5.1.0.x | 2026-03-16
CWE-787: in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.
Source: nvd
CVE-2025-52458 | P3 | HIGH | CVSS 7.8 | ≥ v5.0.3, ≤ v5.1.0.x | 2026-03-16
CWE-787: in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.
Source: nvd
CVE-2025-27128 | P3 | HIGH | CVSS 7.8 | ≥ v5.0.3, ≤ v5.0.3.x | 2025-08-11
CWE-416: in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.
Source: nvd