CVE-2026-34860
Access Control Vulnerability in Memo Module Affecting Availability, Confidentiality
Publication date: 2026-04-13
Last updated on: 2026-04-16
Assigner: Huawei Technologies
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| huawei | harmonyos | 5.1.0 |
| huawei | harmonyos | 6.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an access control issue found in the memo module. It means that the system does not properly restrict access to certain functions or data within this module.
How can this vulnerability impact me? :
If this vulnerability is successfully exploited, it can impact both the availability and confidentiality of the affected system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the access control vulnerability in the memo module affecting Huawei HarmonyOS, it is recommended to apply the latest security updates and patches provided by Huawei for HarmonyOS 6.0.0.
The April 2026 security bulletin for Huawei devices addresses multiple vulnerabilities including those in the memo module, so ensuring your system is updated to the latest patched version will help reduce the risk of exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability affects availability and confidentiality, which are key aspects of compliance with standards such as GDPR and HIPAA.
Successful exploitation could lead to unauthorized access or denial of service, potentially resulting in breaches of personal data protection and system reliability requirements mandated by these regulations.