How serious is CVE-2026-28537?

This vulnerability has a CVSS score of 5.5 out of 10, classified as MEDIUM severity. No public exploit code has been identified yet.

Which products are affected by CVE-2026-28537?

CVE-2026-28537 affects huawei harmonyos. Check the full CVE details for specific version information.

How do I fix CVE-2026-28537?

To remediate CVE-2026-28537, check for security patches from huawei. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2026-28537

Medium

|5.5

No Exploit

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker to crash the HarmonyOS system by exploiting a flaw in the window module, which could lead to the system becoming unavailable. To successfully exploit this issue, the attacker would need to have access to the affected system and be able to trigger the specific conditions that cause the double free error.

Technical Description

Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability.

CVSS Vector Analysis

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

Confidentiality ImpactNone

Integrity ImpactNone

Availability ImpactHigh

ScopeUnchanged

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$759($500-$1K)

Vendor Response

Grade APatched in 0 days

Quick Information

Published

Mar 5, 2026

about 1 month ago

Last Modified

Mar 5, 2026

about 1 month ago

Vendor

huawei

Product

harmonyos

Related Vulnerabilities

CVE-2026-28551Medium

This vulnerability allows an attacker to disrupt the security management of Huawei devices running HarmonyOS, potentially causing the system to become unavailable. To exploit this issue, the attacker must be able to trigger a race condition, which occurs when two processes try to access the same resource at the same time.

CVE-2026-28549Medium

This vulnerability allows an attacker to disrupt the permission management system on HarmonyOS, potentially causing the service to become unavailable. To exploit this, the attacker needs to take advantage of a timing issue in how permissions are handled, which could lead to service interruptions.

CVE-2026-28548Medium

This vulnerability allows an attacker to potentially access sensitive information from the email application due to a failure in properly verifying user actions. To exploit this, the attacker would need to trick the application into accepting malicious inputs, which could compromise the confidentiality of user data.

CVE-2026-28547Medium

This vulnerability allows an attacker to potentially disrupt the operation of HarmonyOS by exploiting an issue with uninitialized pointers in the scanning module. Successful exploitation requires the attacker to have access to the affected system, which could lead to service interruptions or crashes.

CVE-2026-28546Medium

This vulnerability allows an attacker to crash the scanning module of HarmonyOS, potentially making the system unavailable. To exploit this, the attacker needs to send specially crafted input to the module, which could happen if the device is connected to a malicious network or application.