PatchSiren cyber security CVE debrief
CVE-2026-41974 Huawei CVE debrief
CVE-2026-41974 is a low-severity vulnerability (CVSS Score: 3.6) affecting an unknown vendor's product, potentially impacting availability through a permission control issue in service notifications. The CVE was published on 2026-06-09T08:16:27.700Z and last modified on 2026-06-09T13:34:58.997Z. The vendor is currently listed as 'Unknown Vendor' but evidence suggests a potential link to Huawei. Official references are available from [Huawei's support bulletin](ref-4) and [Huawei's support bulletin vision](ref-5).
- Vendor
- Huawei
- Product
- HarmonyOS
- CVSS
- LOW 3.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-09
Who should care
Security teams should be aware of this low-severity vulnerability, particularly if they use products from Huawei or similar vendors. Although the CVSS score is low, successful exploitation could impact service availability.
Technical summary
The vulnerability, described as a permission control issue in service notifications, has a CVSS vector of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L. It is categorized under CWE-264. The vulnerability's impact is limited to availability.
Defensive priority
Low
Recommended defensive actions
- Review and apply patches from the vendor once available.
- Monitor service notifications for potential exploitation attempts.
- Implement general security best practices to limit the attack surface.
Evidence notes
The vendor is currently listed as 'Unknown Vendor' but evidence suggests a potential link to Huawei (source: reference_domain_candidate).
Official resources
CVE-2026-41974 was published on 2026-06-09T08:16:27.700Z and last modified on 2026-06-09T13:34:58.997Z.