{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34861", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2026-03-31T01:11:13.701Z", "datePublished": "2026-04-13T04:08:32.743Z", "dateUpdated": "2026-04-13T13:27:24.106Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-04-13T04:08:32.743Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "type": "CWE"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "6.0.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Race condition vulnerability in the thermal management module.\nImpact: Successful exploitation of this vulnerability may affect availability.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Race condition vulnerability in the thermal management module.<br>Impact: Successful exploitation of this vulnerability may affect availability."}]}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}, {"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/4/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T13:27:16.595628Z", "id": "CVE-2026-34861", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T13:27:24.106Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34861", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-13T13:27:16.595628Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T13:27:20.808Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "6.0.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}, {"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/4/"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Race condition vulnerability in the thermal management module.\nImpact: Successful exploitation of this vulnerability may affect availability.", "supportingMedia": [{"type": "text/html", "value": "Race condition vulnerability in the thermal management module.<br>Impact: Successful exploitation of this vulnerability may affect availability.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-04-13T04:08:32.743Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34861", "state": "PUBLISHED", "dateUpdated": "2026-04-13T13:27:24.106Z", "dateReserved": "2026-03-31T01:11:13.701Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2026-04-13T04:08:32.743Z", "assignerShortName": "huawei"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EBE30DD-E146-4A6A-BE68-DEF9D4D0B2A8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Race condition vulnerability in the thermal management module.\nImpact: Successful exploitation of this vulnerability may affect availability."}], "id": "CVE-2026-34861", "lastModified": "2026-04-15T20:09:19.557", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.5, "source": "psirt@huawei.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-13T05:16:03.953", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}, {"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/4/"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "psirt@huawei.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "HarmonyOS", "source": "cna", "vendor": "Huawei"}, "product": "harmonyos", "vendor": "huawei"}], "analysis": {"en": {"generated_at": "2026-04-13T06:23:55.502909+00:00", "value": {"mitigation_remediation": ["Check Huawei support bulletins for updates or patches and apply them promptly", "If a patch is unavailable, limit or isolate access to thermal management functions and monitor permissions for suspicious applications", "Monitor device for abnormal thermal behavior or repeated crashes and consider disabling high\u2011temperature features if they are not critical"], "summary": {"action": "Apply Patch", "impact": "Availability disruption (Denial of Service)"}, "threat_synthesis": {"affected_systems": "Huawei HarmonyOS. No specific versions are listed in the advisory, so all devices running HarmonyOS that include the vulnerable thermal management component may be affected.", "description_and_impact": "This vulnerability is a race condition located in the HarmonyOS thermal management module. When concurrent requests to the module occur, the order in which the code executes is not guaranteed, which can corrupt internal state and lead to unintended termination of services or the system itself. The primary consequence is a lack of availability for the affected device or application, as the malfunction can cause crashes or forced restarts. The weakness is classified as CWE-362, indicating a race condition.", "risk_and_exploitability": "The CVSS base score of 6.3 indicates a moderate to high risk. No EPSS data is available, and the vulnerability is not currently present in the CISA KEV catalog. The attack vector is not explicitly documented; based on the description, it is inferred that the race condition could be triggered by concurrent operations initiated by an application or the system itself. If an attacker can invoke competing thermal management calls\u2014either through a malicious app or by manipulating system processes\u2014they may exploit the condition to destabilize the OS, impacting system availability. Because no exploit has been reported yet, the likelihood of active exploitation is unknown, but the potential impact warrants immediate attention."}}}}, "created": "2026-04-13T12:37:28.081532+00:00", "title": "Race Condition in HarmonyOS Thermal Management Leading to Availability Issues", "updated": "2026-04-13T12:53:15.974917+00:00", "vendors": ["huawei", "huawei$PRODUCT$harmonyos"]}