PatchSiren cyber security CVE debrief
CVE-2026-27781 OpenHarmony CVE debrief
A local denial-of-service vulnerability exists in OpenHarmony v6.0 and prior versions. The issue, classified as CWE-190 (Integer Overflow or Wraparound), allows a local attacker to cause a denial-of-service condition. The vulnerability has a CVSS 3.1 score of 3.3 (Low severity) with an attack vector requiring local access, low attack complexity, and low privileges. No user interaction is required. The NVD entry status is currently 'Deferred'. The OpenHarmony project has disclosed this issue through their security disclosure repository.
- Vendor
- OpenHarmony
- Product
- Unknown
- CVSS
- LOW 3.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-19
- Original CVE updated
- 2026-05-19
- Advisory published
- 2026-05-19
- Advisory updated
- 2026-05-19
Who should care
Organizations deploying OpenHarmony-based systems, IoT device manufacturers using OpenHarmony, and security teams managing embedded Linux environments
Technical summary
Integer overflow vulnerability in OpenHarmony v6.0 and prior allows local attackers to cause denial-of-service. Attack requires local access with low privileges. No confidentiality or integrity impact; availability impact is low.
Defensive priority
low
Recommended defensive actions
- Apply security updates from OpenHarmony when available per vendor security disclosure
- Review local access controls to limit exposure to trusted users only
- Monitor OpenHarmony security disclosure repository for patch availability
- Assess systems running OpenHarmony v6.0 or earlier for exposure
Evidence notes
Vulnerability disclosed by OpenHarmony security team via Gitcode repository. NVD status is 'Deferred'. CVSS vector confirms local attack vector with availability impact only.
Official resources
-
CVE-2026-27781 CVE record
CVE.org
-
CVE-2026-27781 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
2026-05-19