{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34852", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2026-03-31T01:11:13.700Z", "datePublished": "2026-04-13T03:46:59.624Z", "dateUpdated": "2026-04-13T18:06:17.414Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-04-13T03:46:59.624Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-835", "description": "CWE-835 Loop with unreachable exit condition ('infinite loop')", "type": "CWE"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "6.0.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Stack overflow vulnerability in the media platform.\nImpact: Successful exploitation of this vulnerability may affect availability.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Stack overflow vulnerability in the media platform.<br>Impact: Successful exploitation of this vulnerability may affect availability."}]}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}, {"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/4/"}, {"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/4/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34852", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T17:36:00.737494Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T18:06:17.414Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34852", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T17:36:00.737494Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T17:57:48.803Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "6.0.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}, {"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/4/"}, {"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/4/"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Stack overflow vulnerability in the media platform.\nImpact: Successful exploitation of this vulnerability may affect availability.", "supportingMedia": [{"type": "text/html", "value": "Stack overflow vulnerability in the media platform.<br>Impact: Successful exploitation of this vulnerability may affect availability.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-835", "description": "CWE-835 Loop with unreachable exit condition ('infinite loop')"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-04-13T03:46:59.624Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34852", "state": "PUBLISHED", "dateUpdated": "2026-04-13T18:06:17.414Z", "dateReserved": "2026-03-31T01:11:13.700Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2026-04-13T03:46:59.624Z", "assignerShortName": "huawei"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EBE30DD-E146-4A6A-BE68-DEF9D4D0B2A8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack overflow vulnerability in the media platform.\nImpact: Successful exploitation of this vulnerability may affect availability."}], "id": "CVE-2026-34852", "lastModified": "2026-04-16T04:54:38.750", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 4.7, "source": "psirt@huawei.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-13T04:16:11.727", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}, {"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/4/"}, {"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/4/"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "psirt@huawei.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "HarmonyOS", "source": "cna", "vendor": "Huawei"}, "product": "harmonyos", "vendor": "huawei"}], "analysis": {"en": {"generated_at": "2026-04-13T05:50:29.059615+00:00", "value": {"mitigation_remediation": ["Apply the official Huawei HarmonyOS patch as soon as it becomes available.", "If a patch is not yet released, restrict or disable media platform functionality to prevent crashes.", "Avoid opening or playing unknown media files from untrusted sources until a patch is applied.", "Regularly check Huawei support pages and security bulletins for updates."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected systems are all Huawei devices running HarmonyOS that include the media platform. Because no specific firmware or software version is supplied, every HarmonyOS installation is potentially vulnerable until an update is applied.", "description_and_impact": "The vulnerability is a stack overflow in the media platform component of Huawei HarmonyOS, classified as CWE\u2011835. An attacker who can provide malicious media content may overflow the stack, corrupt control data, and crash the media service. This results in a denial of service that disrupts system availability but does not grant arbitrary code execution or data disclosure.", "risk_and_exploitability": "The CVSS score of 6.1 indicates moderate severity. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, suggesting a low to moderate likelihood of widespread exploitation. The attack vector is inferred to involve delivery of malicious media locally or through network channels, but explicit details are not provided in the description."}}}}, "created": "2026-04-13T12:37:42.348673+00:00", "title": "Stack Overflow in HarmonyOS Media Platform Causes Denial of Service", "updated": "2026-04-13T12:53:29.762830+00:00", "vendors": ["huawei", "huawei$PRODUCT$harmonyos"]}