{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28552", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2026-02-28T03:58:12.089Z", "datePublished": "2026-03-05T07:45:56.482Z", "dateUpdated": "2026-03-05T15:41:13.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HarmonyOS", "vendor": "Huawei", "versions": [{"status": "affected", "version": "6.0.0"}, {"status": "affected", "version": "5.1.0"}, {"status": "affected", "version": "4.3.1"}, {"status": "affected", "version": "4.3.0"}, {"status": "affected", "version": "4.2.0"}, {"status": "affected", "version": "4.0.0"}]}, {"defaultStatus": "unaffected", "product": "EMUI", "vendor": "Huawei", "versions": [{"status": "affected", "version": "15.0.0"}, {"status": "affected", "version": "14.2.0"}, {"status": "affected", "version": "14.0.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability."}], "value": "Out-of-bounds write vulnerability in the IMS module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-19", "description": "CWE-19 Data Processing Errors", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-03-05T07:45:56.482Z"}, "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"}, {"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/3/"}, {"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-05T15:29:06.375574Z", "id": "CVE-2026-28552", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T15:41:13.000Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28552", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-05T15:29:06.375574Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T15:29:07.402Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "6.0.0"}, {"status": "affected", "version": "5.1.0"}, {"status": "affected", "version": "4.3.1"}, {"status": "affected", "version": "4.3.0"}, {"status": "affected", "version": "4.2.0"}, {"status": "affected", "version": "4.0.0"}], "defaultStatus": "unaffected"}, {"vendor": "Huawei", "product": "EMUI", "versions": [{"status": "affected", "version": "15.0.0"}, {"status": "affected", "version": "14.2.0"}, {"status": "affected", "version": "14.0.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"}, {"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/3/"}, {"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds write vulnerability in the IMS module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability.", "supportingMedia": [{"type": "text/html", "value": "Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-19", "description": "CWE-19 Data Processing Errors"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-03-05T07:45:56.482Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28552", "state": "PUBLISHED", "dateUpdated": "2026-03-05T15:41:13.000Z", "dateReserved": "2026-02-28T03:58:12.089Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2026-03-05T07:45:56.482Z", "assignerShortName": "huawei"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:emui:14.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "32FBF39A-164F-4F98-AB49-28C50A430C36", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:emui:14.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4AA76C33-8D23-490B-B620-C24EDCC86A56", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:emui:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "888C5BD7-421B-4A85-8719-BFEE3C215527", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2401DE15-9DBF-4645-A261-8C24D57C6342", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "082BBC06-A0B2-481E-BF6F-56180E17ABEF", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EA69843-EC8D-42E2-900E-017D2B502E9E", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E39DE6A6-CBE6-4086-93CD-113D1B3BA730", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EBE30DD-E146-4A6A-BE68-DEF9D4D0B2A8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds write vulnerability in the IMS module.\u00a0Impact: Successful exploitation of this vulnerability may affect availability."}], "id": "CVE-2026-28552", "lastModified": "2026-03-05T21:41:19.967", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.2, "source": "psirt@huawei.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-05T08:15:59.793", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"}, {"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"}, {"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/3/"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-19"}], "source": "psirt@huawei.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "15.0.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "14.2.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "14.0.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "EMUI", "source": "cna", "vendor": "Huawei"}, "product": "emui", "vendor": "huawei"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.1.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.3.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.3.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.2.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.0.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "HarmonyOS", "source": "cna", "vendor": "Huawei"}, "product": "harmonyos", "vendor": "huawei"}], "analysis": {"en": {"generated_at": "2026-04-16T12:29:01.114492+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware update for EMUI or HarmonyOS once released by Huawei", "If an update is unavailable, disable or restrict use of the IMS module or the services that rely on it to limit the exposure surface", "Implement monitoring of system logs for abnormal behavior potentially linked to out-of-bounds writes and enforce least privilege for processes interacting with the IMS module"], "summary": {"action": "Update Firmware", "impact": "Availability disruption caused by out-of-bounds write in the IMS module"}, "threat_synthesis": {"affected_systems": "Huawei EMUI versions 14.0.0, 14.2.0, and 15.0.0 and Huawei HarmonyOS versions 4.0.0, 4.2.0, 4.3.0, 4.3.1, 5.1.0, and 6.0.0 are affected. The vulnerability is present in the IMS module across all listed firmware builds, with no documented fix or patch in the provided data.", "description_and_impact": "A buffer overflow in the IMS module allows an attacker to write data beyond the intended memory boundaries, potentially disrupting system operation. The flaw is identified as an out-of-bounds write and is linked to integer overflow weaknesses. Successful exploitation may lead to service interruption or loss of system availability.", "risk_and_exploitability": "The CVSS score of 6.5 indicates a moderate severity level. The EPSS score of less than 1% suggests a low probability of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is not explicitly stated, but the impact on availability implies that localized execution or interaction with vulnerable services could be sufficient to trigger the flaw, making it a concern for devices running the impacted operating systems."}}}}, "created": "2026-03-06T15:07:56.100678+00:00", "title": "IMS Module Out\u2011of\u2011Bounds Write Causing Availability Disruption", "updated": "2026-04-16T12:30:06.122149+00:00", "vendors": ["huawei", "huawei$PRODUCT$emui", "huawei$PRODUCT$harmonyos"]}