These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A local denial-of-service vulnerability exists in OpenHarmony v6.0 and prior versions. The vulnerability, classified as CWE-364 (Race Condition), allows a local attacker to cause a denial of service. The CVSS 3.1 score of 3.3 (Low severity) reflects the local attack vector, low attack complexity, low privileges required, and high availability impact. The vulnerability was published on May 19, 2026, with a [truncated]
A local denial-of-service (DoS) vulnerability exists in OpenHarmony v6.0 and prior versions. The vulnerability allows a local attacker to cause a DoS condition. The issue was disclosed on 19 May 2026 and is classified as low severity with a CVSS 3.1 score of 3.3. The vulnerability is associated with CWE-20 (Improper Input Validation). The NVD entry status is currently 'Deferred'.
A use-after-free vulnerability (CWE-416) in OpenHarmony v6.0 and prior versions allows a local attacker to execute arbitrary code. The vulnerability has a CVSS 3.1 score of 6.5 (MEDIUM severity) with an attack vector of local access, low attack complexity, low privileges required, no user interaction, and changed scope with high availability impact. The vulnerability was disclosed by OpenHarmony's security team.
A local denial-of-service vulnerability exists in OpenHarmony v6.0 and prior versions. The issue, classified as CWE-190 (Integer Overflow or Wraparound), allows a local attacker to cause a denial-of-service condition. The vulnerability has a CVSS 3.1 score of 3.3 (Low severity) with an attack vector requiring local access, low attack complexity, and low privileges. No user interaction is required. The NVD [truncated]
CVE-2026-27766 is a medium-severity information disclosure vulnerability affecting OpenHarmony v6.0 and prior versions. The vulnerability allows a local attacker to cause information leakage. The issue was published on 2026-05-19 and carries a CVSS 3.1 score of 5.5 (MEDIUM) with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating local attack vector, low attack complexity, low privileges r [truncated]
A remote code execution vulnerability in OpenHarmony v6.0 and prior versions allows attackers to execute arbitrary code in pre-installed applications. The vulnerability is classified as CWE-787 (Out-of-bounds Write) with a CVSS 3.1 score of 8.8 (HIGH severity). The attack vector is network-based with low attack complexity, requiring low privileges but no user interaction. The vulnerability was disclosed b [truncated]
A local information disclosure vulnerability exists in OpenHarmony v6.0 and prior versions. The flaw allows a local attacker to cause information leakage. The vulnerability is classified as CWE-281 (Improper Preservation of Permissions) and carries a CVSS 3.1 score of 5.5 (MEDIUM severity). The attack vector is local with low attack complexity, requiring low privileges but no user interaction. The confide [truncated]
A local denial-of-service vulnerability in OpenHarmony v6.0 and earlier allows an attacker to cause a system crash that cannot be recovered without manual intervention. The vulnerability is classified as HIGH severity with a CVSS 3.1 score of 8.4. The attack requires local access with low privileges and no user interaction, but can affect resources beyond the vulnerable component's security scope. The und [truncated]
A local denial-of-service vulnerability exists in OpenHarmony v6.0 and prior versions. The issue, classified as CWE-476 (NULL Pointer Dereference), allows a local attacker to cause a denial-of-service condition. The vulnerability has a CVSS 3.1 score of 3.3 (Low severity) with an attack vector of local access, low attack complexity, and low privileges required. No user interaction is needed for exploitati [truncated]
A high-severity vulnerability in OpenHarmony v6.0 and prior versions allows remote attackers to execute arbitrary code in pre-installed applications. The vulnerability, published on May 19, 2026, carries a CVSS 3.1 score of 8.1 (HIGH) with a vector of AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H. The attack requires low privileges and no user interaction, with network-based exploitation possible. The underlying we [truncated]