Out-of-Bounds Write Vulnerability in Huawei WEB Module
CVE-2026-34865

10CRITICAL

Key Information:

Vendor: Huawei
Status: Harmonyos
Vendor: CVE Published:; 13 April 2026

What is CVE-2026-34865?

The WEB module from Huawei is vulnerable to an out-of-bounds write issue that could lead to unauthorized access and impact both system availability and data confidentiality. Exploitation of this vulnerability may allow attackers to manipulate memory outside the boundaries allocated for the module's data, potentially resulting in system instability or unauthorized data exposure.

Affected Version(s)

HarmonyOS 6.0.0

References

https://consumer.huawei.com/en/support/bulletinwearables/...

CVSS V4

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 13, 2026
Vulnerability Reserved
Mar 31, 2026

CVE-2026-34865 Data

JSON