PatchSiren cyber security CVE debrief
CVE-2026-41984 Huawei CVE debrief
CVE-2026-41984 is a Use-After-Free (UAF) vulnerability in the package management module. Successful exploitation of this vulnerability may affect service integrity. The vulnerability has a CVSS score of 5.2 and is classified as MEDIUM severity.
- Vendor
- Huawei
- Product
- HarmonyOS
- CVSS
- MEDIUM 5.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-09
Who should care
This vulnerability may impact users of the affected package management module, potentially affecting service integrity.
Technical summary
The vulnerability is caused by a Use-After-Free (UAF) issue in the package management module. The CVSS vector for this vulnerability is CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates provided by the vendor to address the vulnerability.
- Review and update security configurations to prevent exploitation.
Evidence notes
The vendor is identified as Huawei, based on evidence from the source reference.
Official resources
CVE-2026-41984 was published on 2026-06-09T08:16:28.413Z and modified on 2026-06-09T13:34:58.997Z.