{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34860", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2026-03-31T01:11:13.701Z", "datePublished": "2026-04-13T03:49:25.953Z", "dateUpdated": "2026-04-13T18:06:17.252Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-04-13T03:49:25.953Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "type": "CWE"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "6.0.0"}, {"status": "affected", "version": "5.1.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Access control vulnerability in the memo module.\nImpact: Successful exploitation of this vulnerability will affect availability and confidentiality.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Access control vulnerability in the memo module.<br>Impact: Successful exploitation of this vulnerability will affect availability and confidentiality."}]}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}, {"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/4/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseSeverity": "MEDIUM", "baseScore": 4.1, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:L"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34860", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T17:35:51.332677Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T18:06:17.252Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34860", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T17:35:51.332677Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T17:57:46.651Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "6.0.0"}, {"status": "affected", "version": "5.1.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}, {"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/4/"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Access control vulnerability in the memo module.\nImpact: Successful exploitation of this vulnerability will affect availability and confidentiality.", "supportingMedia": [{"type": "text/html", "value": "Access control vulnerability in the memo module.<br>Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-04-13T03:49:25.953Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34860", "state": "PUBLISHED", "dateUpdated": "2026-04-13T18:06:17.252Z", "dateReserved": "2026-03-31T01:11:13.701Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2026-04-13T03:49:25.953Z", "assignerShortName": "huawei"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Access control vulnerability in the memo module.\nImpact: Successful exploitation of this vulnerability will affect availability and confidentiality."}], "id": "CVE-2026-34860", "lastModified": "2026-04-13T15:01:43.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 2.7, "source": "psirt@huawei.com", "type": "Secondary"}]}, "published": "2026-04-13T04:16:12.650", "references": [{"source": "psirt@huawei.com", "url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}, {"source": "psirt@huawei.com", "url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/4/"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "psirt@huawei.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "HarmonyOS", "source": "cna", "vendor": "Huawei"}, "product": "harmonyos", "vendor": "huawei"}], "analysis": {"en": {"generated_at": "2026-04-13T05:21:13.549946+00:00", "value": {"mitigation_remediation": ["Check the Huawei support bulletins for available patches or updates for HarmonyOS", "Apply any released firmware or OS update that addresses memo module access controls", "If an update is not yet available, monitor Huawei announcements and apply interim access controls such as limiting user permissions or disabling memo features until a fix is released"], "summary": {"action": "Apply Patch", "impact": "Availability and Confidentiality compromise"}, "threat_synthesis": {"affected_systems": "The defect affects devices running Huawei HarmonyOS. No specific version ranges are disclosed in the current advisory; however, any HarmonyOS installation containing the memo module is potentially susceptible.", "description_and_impact": "An improper access control defect has been identified in HarmonyOS\u2019s memo module, allowing an attacker to bypass normal permissions and read or modify memo data that should be restricted. The vulnerability can lead to the disclosure of private information and to disruption of the memo feature, thereby impacting both confidentiality and availability for affected devices.", "risk_and_exploitability": "The issue carries a CVSS base score of 4.1, indicating moderate risk. The exploit probability (EPSS) is not reported, and the vulnerability is not listed in CISA\u2019s KEV catalog, suggesting limited widespread exploitation. Attack vectors are not detailed in the advisory; it is inferred that local or network-based access may be required to exploit the memo module, though definitive conditions are not provided."}}}}, "created": "2026-04-13T12:37:41.272778+00:00", "title": "Access Control Weakness in HarmonyOS Memo Module", "updated": "2026-04-13T12:53:28.776786+00:00", "vendors": ["huawei", "huawei$PRODUCT$harmonyos"]}