CVE-2026-34866
Out-of-Bounds Write in WEB Module Affecting Availability, Confidentiality
Publication date: 2026-04-13
Last updated on: 2026-04-17
Assigner: Huawei Technologies
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| huawei | harmonyos | 6.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds write issue found in the WEB module. An out-of-bounds write occurs when a program writes data outside the boundaries of allocated memory, which can lead to unexpected behavior or system instability.
How can this vulnerability impact me? :
Successful exploitation of this vulnerability can impact the availability and confidentiality of the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability affects confidentiality and availability, which are key aspects addressed by standards like GDPR and HIPAA. A successful exploitation could lead to unauthorized data modification or service disruption, potentially resulting in non-compliance with these regulations' requirements for data protection and system availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, it is recommended to apply the latest security updates provided by the vendor. Huawei released an April 2026 security update that addresses multiple vulnerabilities in HarmonyOS-based devices, including those affecting various modules.
Ensuring your Huawei HarmonyOS devices are updated to the latest firmware version will help protect against this out-of-bounds write vulnerability in the WEB module.