PatchSiren cyber security CVE debrief
CVE-2026-41976 Huawei CVE debrief
A Permission control vulnerability in the audio framework (CVE-2026-41976) was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-41976). The vulnerability has a CVSS score of 6.6 and is classified as MEDIUM severity. According to the CVE description, successful exploitation of this vulnerability may affect service confidentiality. The vulnerability was [cvePublishedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-41976) on 2026-06-09T08:16:27.810Z and last modified on 2026-06-09T13:34:58.997Z. The vendor is currently listed as Unknown Vendor, however, evidence suggests the vulnerability may be related to Huawei. For more information, see [ref-4](https://consumer.huawei.com/en/support/bulletin/2026/6/) and [ref-5](https://consumer.huawei.com/en/support/bulletinvision/2026/6/).
- Vendor
- Huawei
- Product
- HarmonyOS
- CVSS
- MEDIUM 6.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-09
Who should care
This vulnerability may be relevant to organizations using the affected product. Users should review the CVE and vendor advisories for more information.
Technical summary
The vulnerability is a permission control issue in the audio framework, with a CVSS vector of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L. It is classified under CWE-275.
Defensive priority
MEDIUM
Recommended defensive actions
- Review the CVE and vendor advisories for more information.
- Apply patches or mitigations as recommended by the vendor.
Evidence notes
The vendor is currently listed as Unknown Vendor, however, evidence suggests the vulnerability may be related to Huawei.
Official resources
This debrief is based on publicly available information and is intended for general informational purposes only.