CVE-2026-28536
Authentication Bypass in Huawei Device Module Affecting Integrity
Publication date: 2026-03-05
Last updated on: 2026-03-06
Assigner: Huawei Technologies
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| huawei | harmonyos | 5.1.0 |
| huawei | harmonyos | 6.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-305 | The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-28536 is an authentication bypass vulnerability found in the device authentication module of Huawei devices running HarmonyOS. This means that an attacker could bypass the normal authentication process, potentially gaining unauthorized access to the device.
Successful exploitation of this vulnerability compromises both the integrity and confidentiality of the affected system, making it a critical security issue.
How can this vulnerability impact me? :
Exploiting this vulnerability can lead to unauthorized access to the device, which compromises the integrity and confidentiality of the system.
This could result in attackers manipulating or stealing sensitive data, disrupting system operations, or gaining control over device functions.
Given its critical severity (CVSS score 9.6), the impact is significant and could lead to major security breaches.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-28536 authentication bypass vulnerability, you should immediately apply the security patches provided by Huawei in their March 2026 security update for HarmonyOS versions 6.0.0 and 5.1.0.
This update addresses the critical authentication bypass issue in the device authentication module and includes fixes for other vulnerabilities to enhance overall system security.