{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34864", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2026-03-31T01:11:13.701Z", "datePublished": "2026-04-13T04:11:34.262Z", "dateUpdated": "2026-04-13T13:18:22.479Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-04-13T04:11:34.262Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "type": "CWE"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "6.0.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Boundary-unlimited vulnerability in the application read module.\nImpact: Successful exploitation of this vulnerability may affect availability.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Boundary-unlimited vulnerability in the application read module.<br>Impact: Successful exploitation of this vulnerability may affect availability."}]}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}, {"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/4/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T13:18:12.355483Z", "id": "CVE-2026-34864", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T13:18:22.479Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34864", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T13:18:12.355483Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T13:18:17.216Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "6.0.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}, {"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/4/"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Boundary-unlimited vulnerability in the application read module.\nImpact: Successful exploitation of this vulnerability may affect availability.", "supportingMedia": [{"type": "text/html", "value": "Boundary-unlimited vulnerability in the application read module.<br>Impact: Successful exploitation of this vulnerability may affect availability.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-04-13T04:11:34.262Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34864", "state": "PUBLISHED", "dateUpdated": "2026-04-13T13:18:22.479Z", "dateReserved": "2026-03-31T01:11:13.701Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2026-04-13T04:11:34.262Z", "assignerShortName": "huawei"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Boundary-unlimited vulnerability in the application read module.\nImpact: Successful exploitation of this vulnerability may affect availability."}], "id": "CVE-2026-34864", "lastModified": "2026-04-13T15:01:43.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 4.2, "source": "psirt@huawei.com", "type": "Secondary"}]}, "published": "2026-04-13T05:16:04.550", "references": [{"source": "psirt@huawei.com", "url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}, {"source": "psirt@huawei.com", "url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/4/"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "psirt@huawei.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "HarmonyOS", "source": "cna", "vendor": "Huawei"}, "product": "harmonyos", "vendor": "huawei"}], "analysis": {"en": {"generated_at": "2026-04-13T06:52:42.108094+00:00", "value": {"mitigation_remediation": ["Retrieve the latest HarmonyOS security bulletin from Huawei\u2019s consumer support website and apply any provided patch immediately.", "If a patch is not yet available, disable or restrict access to the vulnerable application read module using device settings or administrative controls.", "Continuously review system logs for abnormal termination or crash events that may indicate attempts to exploit the vulnerability.", "Maintain the OS at the newest release to benefit from future security updates."], "summary": {"action": "Apply Patch", "impact": "Availability Impact"}, "threat_synthesis": {"affected_systems": "The vendor affected is Huawei, specifically its HarmonyOS operating system. No specific release numbers are mentioned, implying that all current HarmonyOS builds could be vulnerable until a vendor patch is applied.", "description_and_impact": "A boundary-unlimited flaw exists in HarmonyOS\u2019s application read module, allowing an attacker to supply input that exceeds expected limits. The weakness can trigger uncontrolled memory reads or writes, which may destabilize the application or the operating system, leading to crashes or forced restarts. This vulnerability is classified as CWE-119 and primarily carries availability implications rather than compromising confidentiality or integrity.", "risk_and_exploitability": "The CVSS score of 6.8 indicates moderate severity. Because EPSS data is missing and the flaw is not listed in CISA\u2019s KEV catalog, no widespread exploitation has been reported. Based on the description, the attack likely requires input directed at the vulnerable read module, which could be delivered locally or remotely depending on the exposed interfaces. Successful exploitation would result in application or system outages but is not believed to allow code execution or data disclosure."}}}}, "created": "2026-04-13T12:37:25.175541+00:00", "title": "HarmonyOS Application Read Module Boundary Overflow Vulnerability", "updated": "2026-04-13T12:53:12.996265+00:00", "vendors": ["huawei", "huawei$PRODUCT$harmonyos"]}