PatchSiren cyber security CVE debrief

CVE-2026-31368 Honor CVE debrief

CVE-2026-31368 describes a type privilege bypass affecting AiAssistant. The issue is rated HIGH with a CVSS 3.1 score of 7.8, and the source description says successful exploitation may affect service availability. NVD further maps the weakness to CWE-269 and classifies the vulnerability status as Deferred. Because the vendor attribution in the supplied corpus is low-confidence, this should be treated as an Honor-linked AiAssistant issue pending any additional confirmation from the vendor advisory.

Vendor: Honor
Product: Unknown
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-21
Original CVE updated: 2026-05-10
Advisory published: 2026-04-21
Advisory updated: 2026-05-10

Who should care

Administrators and security teams responsible for devices or services running AiAssistant, especially where local users or low-privileged accounts may exist. Because the reported attack vector is local and requires low privileges, endpoint, fleet, and access-control owners should pay attention.

Technical summary

The available source material indicates a local privilege-related weakness in AiAssistant involving a type privilege bypass. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) suggests an attacker needs local access and low privileges, with no user interaction, and that the flaw could have high impact across confidentiality, integrity, and availability. The vendor reference points to an Honor security page, while NVD lists the vulnerability as Deferred and associates it with CWE-269 (Improper Privilege Management).

Defensive priority

High. The vulnerability is scored 7.8 and can be reached locally with low privileges, which makes it especially important on shared systems, managed endpoints, and any environment where untrusted local users or software can run.

Recommended defensive actions

Review the Honor security advisory linked in the source corpus for product-specific remediation guidance.
Verify whether AiAssistant is present in your environment and identify affected versions or deployments.
Apply vendor-provided updates, mitigations, or configuration changes as soon as they are available.
Restrict local access and limit low-privileged execution paths where practical until remediation is complete.
Monitor for abnormal privilege transitions, unexpected service disruption, or local security-control bypass behavior.
Track NVD and the vendor advisory for status changes, because NVD currently lists the issue as Deferred.

Evidence notes

All statements are limited to the supplied corpus and official links. The source description states that AiAssistant is affected by a type privilege bypass and that successful exploitation may affect service availability. NVD provides the CVSS vector (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), CWE-269 classification, and a Deferred vulnStatus. The vendor attribution is low-confidence in the corpus, so product naming should be treated cautiously pending further confirmation from the official Honor advisory.

Official resources

CVE-2026-31368 CVE record
CVE.org
CVE-2026-31368 NVD detail
NVD
Source item URL
nvd_modified
Source reference
3836d913-7555-4dd0-a509-f5667fdf5fe4

CVE published 2026-04-21T07:16:07.923Z; modified 2026-05-10T20:16:27.510Z. Source and CVE timing match the supplied record.