Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

OpenHarmony — Vulnerabilities & Security Advisories 177

Browse all 177 CVE security advisories affecting OpenHarmony. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OpenHarmony is an open-source operating system designed for distributed scenarios across smart devices, IoT, and industrial applications. Its architecture emphasizes modularity and scalability, allowing developers to tailor the system for diverse hardware constraints. Historically, the project has faced 167 recorded Common Vulnerabilities and Exposures (CVEs), with recurring issues primarily involving buffer overflows, use-after-free errors, and improper input validation. These flaws often lead to remote code execution or privilege escalation, particularly within the device communication and permission management modules. While no single catastrophic incident has defined its history, the high volume of CVEs highlights challenges in maintaining rigorous security standards across its fragmented ecosystem. The project relies on community-driven patches and formal verification efforts to mitigate risks, though the complexity of its distributed nature continues to present significant attack surface challenges for security researchers and administrators alike.

Top products by OpenHarmony: OpenHarmony
CVE IDTitleCVSSSeverityPublished
CVE-2026-33565 kernel_linux_common_modules has a Race Condition vulnerability — OpenHarmonyCWE-364 3.3 Low2026-05-19
CVE-2026-28733 filemanagement_storage_service has an use after free vulnerability — OpenHarmonyCWE-416 6.5 Medium2026-05-19
CVE-2026-27766 multimedia_audio_framework has a Race Condition vulnerability — OpenHarmonyCWE-364 5.5 Medium2026-05-19
CVE-2026-25850 filemanagement_storage_service has an improper preservation of permissions vulnerability — OpenHarmonyCWE-281 5.5 Medium2026-05-19
CVE-2026-25781 kernel_liteos_a has an out-of-bounds write vulnerability — OpenHarmonyCWE-787 8.4 High2026-05-19
CVE-2026-28751 filemanagement_storage_service has an improper input validation vulnerability — OpenHarmonyCWE-20 3.3 Low2026-05-19
CVE-2026-27781 kernel_liteos_a has an integer overflow vulnerability — OpenHarmonyCWE-190 3.3 Low2026-05-19
CVE-2026-27648 web_webview has an out-of-bounds write vulnerability — OpenHarmonyCWE-787 8.8 High2026-05-19
CVE-2026-25110 Sensors_medical_sensor has a NULL pointer dereference vulnerability — OpenHarmonyCWE-476 3.3 Low2026-05-19
CVE-2026-24792 web_webview has a Race Condition vulnerability — OpenHarmonyCWE-364 8.1 High2026-05-19
CVE-2025-6969 ability_ability_runtime an improper input validation vulnerability — OpenHarmonyCWE-20 5.0 Medium2026-03-16
CVE-2025-26474 communication_ipc an improper input validation vulnerability — OpenHarmonyCWE-20 3.3 Low2026-03-16
CVE-2025-52458 arkcompiler_ets_runtime has an out-of-bounds write vulnerability — OpenHarmonyCWE-787 5.5 Medium2026-03-16
CVE-2025-41432 arkcompiler_ets_runtime has an out-of-bounds write vulnerability — OpenHarmonyCWE-787 5.5 Medium2026-03-16
CVE-2025-25277 arkcompiler_ets_runtime has a type confusion vulnerability — OpenHarmonyCWE-843 6.3 Medium2026-03-16
CVE-2025-12736 multimedia_audio_standard has an insecure storage of sensitive information vulnerability — OpenHarmonyCWE-908 6.5 Medium2026-03-16
CVE-2026-0639 liteos_a has a missing release of memory vulnerability — OpenHarmonyCWE-401 3.3 Low2026-03-16
CVE-2025-27562 communication_dsoftbus has a missing release of memory vulnerability — OpenHarmonyCWE-401 3.3 Low2025-08-11
CVE-2025-27128 liteos_a has an UAF vulnerability — OpenHarmonyCWE-416 8.4 High2025-08-11
CVE-2025-25212 pasteboard has an improper input vulnerability — OpenHarmonyCWE-20 3.3 Low2025-08-11
CVE-2025-24844 communication_dsoftbus has a missing release of memory vulnerability — OpenHarmonyCWE-401 3.3 Low2025-08-11
CVE-2025-27536 arkcompiler_ets_runtime has a type confusion vulnerability — OpenHarmonyCWE-843 3.3 Low2025-08-11
CVE-2025-26690 communication dsoftbus has a NULL pointer vulnerability — OpenHarmonyCWE-476 3.3 Low2025-08-11
CVE-2025-24925 applications_settings has a missing release of memory vulnerability — OpenHarmonyCWE-401 3.3 Low2025-08-11
CVE-2025-24298 liteos_a has an UAF vulnerability — OpenHarmonyCWE-416 8.4 High2025-08-11
CVE-2025-25278 liteos_a has a race condition vulnerability — OpenHarmonyCWE-362 8.4 High2025-08-11
CVE-2025-27577 liteos_a has a race condition vulnerability — OpenHarmonyCWE-362 8.4 High2025-08-11
CVE-2025-27247 Pasteboard has an improper preservation of permissions vulnerability — OpenHarmonyCWE-281 5.5 Medium2025-06-08
CVE-2025-27242 Ssecurity_component_manager has an improper input vulnerability — OpenHarmonyCWE-20 3.3 Low2025-06-08
CVE-2025-27563 security_access_token has an improper preservation of permissions vulnerability — OpenHarmonyCWE-281 3.3 Low2025-06-08

This page lists every published CVE security advisory associated with OpenHarmony. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.