Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

OpenHarmony — Vulnerabilities & Security Advisories 177

All 177 CVE vulnerabilities found in OpenHarmony, with AI-generated Chinese analysis, references, and POCs.

This page documents known security vulnerabilities affecting OpenHarmony, specifically focusing on software weaknesses tracked within the Common Weakness Enumeration framework. It aggregates data regarding diverse vulnerability types, including buffer overflows, injection flaws, permission bypasses, and resource management issues that arise during the development, deployment, or operation of the operating system. The collection covers historical and recent entries to provide a comprehensive view of the security landscape for this open-source project. Readers can use this resource to track advisories issued by the OpenHarmony vendor and its community contributors, gaining insight into how specific threat vectors are identified and mitigated over time. Furthermore, users can investigate the history of vulnerabilities linked to particular products or subsystems within the OpenHarmony ecosystem to understand patterns in software defects. This information supports security audits, patch management planning, and risk assessment efforts by allowing stakeholders to examine the chronological progression of reported issues. By centralizing these records, the page facilitates a deeper understanding of the effectiveness of remediation strategies and the evolving nature of security challenges in embedded and IoT environments that rely on OpenHarmony. The goal is to provide transparent, factual data that aids developers and administrators in maintaining robust security postures without promoting any specific vendor or solution.

Vendor: OpenHarmony

CVE IDTitleCVSSSeverityPublished
CVE-2026-33565 kernel_linux_common_modules has a Race Condition vulnerability CWE-364 3.3 Low2026-05-19
CVE-2026-28733 filemanagement_storage_service has an use after free vulnerability CWE-416 6.5 Medium2026-05-19
CVE-2026-27766 multimedia_audio_framework has a Race Condition vulnerability CWE-364 5.5 Medium2026-05-19
CVE-2026-25850 filemanagement_storage_service has an improper preservation of permissions vulnerability CWE-281 5.5 Medium2026-05-19
CVE-2026-25781 kernel_liteos_a has an out-of-bounds write vulnerability CWE-787 8.4 High2026-05-19
CVE-2026-28751 filemanagement_storage_service has an improper input validation vulnerability CWE-20 3.3 Low2026-05-19
CVE-2026-27781 kernel_liteos_a has an integer overflow vulnerability CWE-190 3.3 Low2026-05-19
CVE-2026-27648 web_webview has an out-of-bounds write vulnerability CWE-787 8.8 High2026-05-19
CVE-2026-25110 Sensors_medical_sensor has a NULL pointer dereference vulnerability CWE-476 3.3 Low2026-05-19
CVE-2026-24792 web_webview has a Race Condition vulnerability CWE-364 8.1 High2026-05-19
CVE-2025-6969 ability_ability_runtime an improper input validation vulnerability CWE-20 5.0 Medium2026-03-16
CVE-2025-26474 communication_ipc an improper input validation vulnerability CWE-20 3.3 Low2026-03-16
CVE-2025-52458 arkcompiler_ets_runtime has an out-of-bounds write vulnerability CWE-787 5.5 Medium2026-03-16
CVE-2025-41432 arkcompiler_ets_runtime has an out-of-bounds write vulnerability CWE-787 5.5 Medium2026-03-16
CVE-2025-25277 arkcompiler_ets_runtime has a type confusion vulnerability CWE-843 6.3 Medium2026-03-16
CVE-2025-12736 multimedia_audio_standard has an insecure storage of sensitive information vulnerability CWE-908 6.5 Medium2026-03-16
CVE-2026-0639 liteos_a has a missing release of memory vulnerability CWE-401 3.3 Low2026-03-16
CVE-2025-27562 communication_dsoftbus has a missing release of memory vulnerability CWE-401 3.3 Low2025-08-11
CVE-2025-27128 liteos_a has an UAF vulnerability CWE-416 8.4 High2025-08-11
CVE-2025-25212 pasteboard has an improper input vulnerability CWE-20 3.3 Low2025-08-11
CVE-2025-24844 communication_dsoftbus has a missing release of memory vulnerability CWE-401 3.3 Low2025-08-11
CVE-2025-27536 arkcompiler_ets_runtime has a type confusion vulnerability CWE-843 3.3 Low2025-08-11
CVE-2025-26690 communication dsoftbus has a NULL pointer vulnerability CWE-476 3.3 Low2025-08-11
CVE-2025-24925 applications_settings has a missing release of memory vulnerability CWE-401 3.3 Low2025-08-11
CVE-2025-24298 liteos_a has an UAF vulnerability CWE-416 8.4 High2025-08-11
CVE-2025-25278 liteos_a has a race condition vulnerability CWE-362 8.4 High2025-08-11
CVE-2025-27577 liteos_a has a race condition vulnerability CWE-362 8.4 High2025-08-11
CVE-2025-27247 Pasteboard has an improper preservation of permissions vulnerability CWE-281 5.5 Medium2025-06-08
CVE-2025-27242 Ssecurity_component_manager has an improper input vulnerability CWE-20 3.3 Low2025-06-08
CVE-2025-27563 security_access_token has an improper preservation of permissions vulnerability CWE-281 3.3 Low2025-06-08

All 177 known CVE vulnerabilities affecting OpenHarmony with full Chinese analysis, references, and POCs where available.