PatchSiren cyber security CVE debrief
CVE-2026-33565 OpenHarmony CVE debrief
A local denial-of-service vulnerability exists in OpenHarmony v6.0 and prior versions. The vulnerability, classified as CWE-364 (Race Condition), allows a local attacker to cause a denial of service. The CVSS 3.1 score of 3.3 (Low severity) reflects the local attack vector, low attack complexity, low privileges required, and high availability impact. The vulnerability was published on May 19, 2026, with a subsequent modification on the same day. The NVD status is currently 'Deferred,' indicating the entry is under review or awaiting additional analysis. The primary reference points to OpenHarmony's security disclosure repository on Gitcode.
- Vendor
- OpenHarmony
- Product
- Unknown
- CVSS
- LOW 3.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-19
- Original CVE updated
- 2026-05-19
- Advisory published
- 2026-05-19
- Advisory updated
- 2026-05-19
Who should care
Organizations deploying OpenHarmony-based systems, particularly those with multi-user environments where local access is granted to untrusted users. System administrators responsible for OpenHarmony device security and availability.
Technical summary
The vulnerability stems from a race condition (CWE-364) in OpenHarmony v6.0 and earlier versions. A local attacker with low privileges can exploit this condition to trigger a denial of service. The attack requires local access and low privileges but no user interaction. The vulnerability does not impact confidentiality or integrity, only availability. The CVSS vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L confirms these characteristics.
Defensive priority
low
Recommended defensive actions
- Review OpenHarmony security disclosure documentation for affected components and patch availability
- Assess local access controls to limit exposure to trusted users only
- Monitor OpenHarmony security advisories for status updates on this CVE
- Apply security updates from OpenHarmony when available addressing CVE-2026-33565
Evidence notes
Vendor attribution to OpenHarmony is based on the reference domain 'gitcode.com/openharmony' with 'low' confidence per source metadata. The CVE description explicitly names OpenHarmony as the affected product. NVD vulnerability status is 'Deferred' as of source capture.
Official resources
-
CVE-2026-33565 CVE record
CVE.org
-
CVE-2026-33565 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
public