How serious is CVE-2026-28552?

This vulnerability has a CVSS score of 7.5 out of 10, classified as HIGH severity. No public exploit code has been identified yet.

Which products are affected by CVE-2026-28552?

CVE-2026-28552 affects huawei emui. Check the full CVE details for specific version information.

How do I fix CVE-2026-28552?

To remediate CVE-2026-28552, check for security patches from huawei. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2026-28552

High

|7.5

No Exploit

Plain English Summary

AI-powered analysis for quick understanding

An attacker can exploit a flaw in the IMS module of Huawei's EMUI to write data outside of the intended memory space, potentially causing the system to crash or become unavailable. This vulnerability requires the attacker to have access to the device, making it more likely to affect users in specific environments.

Technical Description

Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

Confidentiality ImpactNone

Integrity ImpactNone

Availability ImpactHigh

ScopeUnchanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$2,053($1K-$5K)

Vendor Response

Grade APatched in 0 days

Quick Information

Published

Mar 5, 2026

about 1 month ago

Last Modified

Mar 5, 2026

about 1 month ago

Vendor

huawei

Product

emui

Related Vulnerabilities

CVE-2026-28551Medium

This vulnerability allows an attacker to disrupt the security management of Huawei devices running HarmonyOS, potentially causing the system to become unavailable. To exploit this issue, the attacker must be able to trigger a race condition, which occurs when two processes try to access the same resource at the same time.

CVE-2026-28549Medium

This vulnerability allows an attacker to disrupt the permission management system on HarmonyOS, potentially causing the service to become unavailable. To exploit this, the attacker needs to take advantage of a timing issue in how permissions are handled, which could lead to service interruptions.

CVE-2026-28548Medium

This vulnerability allows an attacker to potentially access sensitive information from the email application due to a failure in properly verifying user actions. To exploit this, the attacker would need to trick the application into accepting malicious inputs, which could compromise the confidentiality of user data.

CVE-2026-28547Medium

This vulnerability allows an attacker to potentially disrupt the operation of HarmonyOS by exploiting an issue with uninitialized pointers in the scanning module. Successful exploitation requires the attacker to have access to the affected system, which could lead to service interruptions or crashes.

CVE-2026-28546Medium

This vulnerability allows an attacker to crash the scanning module of HarmonyOS, potentially making the system unavailable. To exploit this, the attacker needs to send specially crafted input to the module, which could happen if the device is connected to a malicious network or application.