{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28547", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2026-02-28T03:58:12.088Z", "datePublished": "2026-03-05T08:16:01.465Z", "dateUpdated": "2026-03-05T15:40:27.836Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HarmonyOS", "vendor": "Huawei", "versions": [{"status": "affected", "version": "6.0.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability."}], "value": "Vulnerability of uninitialized pointer access in the scanning module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-824", "description": "CWE-824 Access of Uninitialized Pointer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-03-05T08:16:01.465Z"}, "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"}, {"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-05T15:28:49.276928Z", "id": "CVE-2026-28547", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T15:40:27.836Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28547", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-05T15:28:49.276928Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T15:28:50.327Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "6.0.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"}, {"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Vulnerability of uninitialized pointer access in the scanning module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability.", "supportingMedia": [{"type": "text/html", "value": "Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-824", "description": "CWE-824 Access of Uninitialized Pointer"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-03-05T08:16:01.465Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28547", "state": "PUBLISHED", "dateUpdated": "2026-03-05T15:40:27.836Z", "dateReserved": "2026-02-28T03:58:12.088Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2026-03-05T08:16:01.465Z", "assignerShortName": "huawei"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EBE30DD-E146-4A6A-BE68-DEF9D4D0B2A8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability of uninitialized pointer access in the scanning module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."}], "id": "CVE-2026-28547", "lastModified": "2026-03-05T21:44:41.953", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 4.2, "source": "psirt@huawei.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-05T09:16:11.400", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"}, {"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-824"}], "source": "psirt@huawei.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "HarmonyOS", "source": "cna", "vendor": "Huawei"}, "product": "harmonyos", "vendor": "huawei"}], "analysis": {"en": {"generated_at": "2026-04-16T12:26:43.169036+00:00", "value": {"mitigation_remediation": ["Apply the latest HarmonyOS security bulletin that includes a fix for the scanning module.", "Limit user privileges so that only trusted processes can invoke the scanning functionality.", "Reboot the device after applying the update to ensure the new code is loaded."], "summary": {"action": "Patch Immediately", "impact": "Availability (Denial of Service)"}, "threat_synthesis": {"affected_systems": "The affected product is Huawei\u2019s HarmonyOS operating system, specifically version 6.0.0 as indicated by the CPE string. No additional affected releases are listed, so it is prudent to assume that later HarmonyOS iterations could also be vulnerable if they incorporate the same scanning module code without rectification.", "description_and_impact": "A flaw in the HarmonyOS scanning module allows an attacker to trigger an uninitialized pointer access, which can lead to memory corruption and crash the device. The vulnerability is classified as CWE-824, indicating a use\u2011after\u2011free or pointer misuse scenario that threatens the system\u2019s availability by potentially causing a denial of service. The CVE description explicitly states that successful exploitation may affect availability, underscoring the operational impact.", "risk_and_exploitability": "The CVSS score of 6.8 reflects moderate severity. The EPSS score under 1% indicates a very low probability that the vulnerability will be actively exploited in the wild. The vulnerability is not listed in the CISA KEV catalog, further suggesting limited real\u2011world exploitation. Based on the description, it is inferred that the attack vector is local; an attacker would need to invoke the scanning module, perhaps via user interaction or a local process, to trigger the uninitialized pointer access. There is no evidence in the data of a remote exploitation path. The impact remains a crash or reboot that impairs availability, with no known privilege escalation or confidentiality breach."}}}}, "created": "2026-03-06T15:07:49.581389+00:00", "title": "Uninitialized Pointer Access in HarmonyOS Scanning Module Leading to Availability Impact", "updated": "2026-04-16T12:30:06.117900+00:00", "vendors": ["huawei", "huawei$PRODUCT$harmonyos"]}