PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-31370 Honor CVE debrief

CVE-2026-31370 is an information disclosure vulnerability affecting Honor E APP. The published NVD vector indicates network exposure with low attack complexity and user interaction required, and the issue is assessed as having a confidentiality impact. The official record also maps the weakness to CWE-200. As of the latest NVD update on 2026-05-10, the vulnerability status is Deferred, and the public record remains limited to the vendor advisory and database entries.

Vendor
Honor
Product
Unknown
CVSS
MEDIUM 6.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-21
Original CVE updated
2026-05-10
Advisory published
2026-04-21
Advisory updated
2026-05-10

Who should care

Organizations and users that rely on Honor E APP should review this issue, especially where confidentiality of app-handled data matters. Security teams managing mobile application risk, endpoint hygiene, or user-awareness controls should treat this as a privacy-impacting defect rather than a benign nuisance.

Technical summary

The available record describes a disclosure flaw in Honor E APP, consistent with CWE-200. NVD assigns CVSS v3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L, which indicates a remotely reachable issue that does not require privileges but does require user interaction. The public description does not provide affected versions, attack preconditions beyond the CVSS vector, or remediation specifics.

Defensive priority

Medium. The issue is publicly documented and rated 6.3 (Medium), with confidentiality impact and user interaction required. Prioritize if Honor E APP is deployed in environments that process sensitive information or if end users may be exposed to untrusted content or prompts.

Recommended defensive actions

  • Review the official Honor security advisory for CVE-2026-31370 and apply any vendor guidance or updates it provides.
  • Inventory deployments of Honor E APP and identify where sensitive or regulated data may be exposed through the app.
  • Use mobile application update management to deploy any fixed version once available.
  • Reinforce user-awareness controls to reduce the likelihood of interaction with suspicious content or prompts.
  • Monitor NVD and the vendor advisory for status changes, clarifications, or remediation details.

Evidence notes

This debrief is limited to the supplied official records. The CVE description states that Honor E APP is affected by an information leak vulnerability and that successful exploitation may affect service confidentiality. NVD lists CVSS v3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L, CWE-200, and a deferred vulnerability status as of the 2026-05-10 modification. No affected version range or fix details were included in the supplied corpus.

Official resources

Publicly disclosed on 2026-04-21 via the CVE/NVD record and the official Honor security advisory reference. The latest supplied modification date is 2026-05-10; that is a record update date, not the original issue date.