{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24924", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2026-01-28T06:05:05.257Z", "datePublished": "2026-02-06T09:04:28.125Z", "dateUpdated": "2026-03-05T08:34:32.743Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HarmonyOS", "vendor": "Huawei", "versions": [{"status": "affected", "version": "6.0.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Vulnerability of improper permission control in the print module.<br>Impact: Successful exploitation of this vulnerability may affect service confidentiality."}], "value": "Vulnerability of improper permission control in the print module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-264", "description": "CWE-264 Permissions, Privileges, and Access Controls", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-03-05T08:34:32.743Z"}, "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-06T16:07:42.450468Z", "id": "CVE-2026-24924", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T16:10:32.047Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24924", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-06T16:07:42.450468Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T16:09:09.191Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "6.0.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Vulnerability of improper permission control in the print module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.", "supportingMedia": [{"type": "text/html", "value": "Vulnerability of improper permission control in the print module.<br>Impact: Successful exploitation of this vulnerability may affect service confidentiality.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-264", "description": "CWE-264 Permissions, Privileges, and Access Controls"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-03-05T08:34:32.743Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24924", "state": "PUBLISHED", "dateUpdated": "2026-03-05T08:34:32.743Z", "dateReserved": "2026-01-28T06:05:05.257Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2026-02-06T09:04:28.125Z", "assignerShortName": "huawei"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EBE30DD-E146-4A6A-BE68-DEF9D4D0B2A8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability of improper permission control in the print module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."}, {"lang": "es", "value": "Vulnerabilidad de control de permisos inadecuado en el m\u00f3dulo de impresi\u00f3n.\nImpacto: La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio."}], "id": "CVE-2026-24924", "lastModified": "2026-03-05T09:16:10.840", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "psirt@huawei.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-06T10:16:07.537", "references": [{"source": "psirt@huawei.com", "url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "psirt@huawei.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-17T22:46:10.252863+00:00", "value": {"mitigation_remediation": ["Apply any official HarmonyOS update that addresses the print module permission issue, as indicated on Huawei\u2019s support bulletin.", "Limit print service access to authenticated and privileged users; remove or disable guest printing permissions on all affected devices.", "If the print function is not required for normal operation, disable the print service or remove the related application package entirely."], "summary": {"action": "Assess Impact", "impact": "Confidentiality Disclosure"}, "threat_synthesis": {"affected_systems": "Huawei HarmonyOS version 6.0.0 is affected, as indicated by the vendor/product list and CPE entry. All devices running this operating system version that still expose the print module are potentially vulnerable. The issue applies to the general HarmonyOS print service and does not seem isolated to a specific device or manufacturer model within the ecosystem.", "description_and_impact": "The flaw arises from improper permission control within HarmonyOS\u2019s print module. According to the description, an attacker who successfully exploits this weakness can access service\u2011related confidential information. The weakness is classified as CWE\u2011264, which denotes inappropriate privilege management. Because the vulnerability is present in the print component, a successful exploitation could expose private data that is normally protected from unauthorized users.", "risk_and_exploitability": "The CVSS score of 6.1 reflects a moderate impact, while the EPSS score of less than 1 percent suggests that the exploitation probability is very low under current conditions. The vulnerability is not listed in the CISA KEV catalog, further supporting the notion that widespread attacks are unlikely. An attacker would need to locate and manipulate the print module\u2019s permission configuration, which is typically only possible through local device access or by abusing a feature that exposes print capabilities over a network. No publicly disclosed exploits or proof\u2011of\u2011concept code are linked to this CVE, so the attack path remains theoretical at present."}}}}, "created": "2026-02-09T10:52:29.149119+00:00", "title": "Improper Permission Control in HarmonyOS Print Module", "updated": "2026-04-17T23:00:12.612883+00:00", "vendors": ["huawei", "huawei$PRODUCT$harmonyos"]}