PatchSiren cyber security CVE debrief
CVE-2026-41972 Huawei CVE debrief
A path traversal vulnerability was discovered in the SMS app, which could allow an attacker to affect availability. The vulnerability has a CVSS score of 5.4 and is classified as MEDIUM severity. It was published on 2026-06-09T08:16:27.457Z and last modified on 2026-06-09T13:34:58.997Z.
- Vendor
- Huawei
- Product
- HarmonyOS
- CVSS
- MEDIUM 5.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-09
Who should care
Users of the affected SMS app should apply patches or mitigations to prevent exploitation.
Technical summary
The vulnerability is a path traversal issue in the SMS app, which could allow an attacker to manipulate file paths and affect availability. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or mitigations provided by the vendor to fix the path traversal vulnerability.
- Restrict access to the SMS app to prevent unauthorized exploitation.
- Monitor the app's logs for suspicious activity.
Evidence notes
The vendor is identified as Huawei, based on evidence from the source reference [ref-4].
Official resources
-
CVE-2026-41972 CVE record
CVE.org
-
CVE-2026-41972 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-41972 was published on 2026-06-09T08:16:27.457Z and last modified on 2026-06-09T13:34:58.997Z.