Openharmony Openharmony
177 CVEs affecting Openharmony Openharmony. Latest disclosed: 2026-05-19. Critical: 0, High: 35.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-27648 | High | 8.8 | 2026-05-19 | in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps. |
CVE-2025-0304 | High | 8.8 | 2025-02-07 | in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use afte… |
CVE-2025-0303 | High | 8.8 | 2025-02-07 | in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through buffer o… |
CVE-2024-47398 | High | 8.8 | 2025-01-07 | in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the device is unable to boot up through out-of-bounds write. |
CVE-2024-10074 | High | 8.8 | 2024-12-03 | in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free. |
CVE-2024-41160 | High | 8.8 | 2024-09-02 | in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use afte… |
CVE-2024-41157 | High | 8.8 | 2024-09-02 | in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use afte… |
CVE-2022-38700 | High | 8.8 | 2022-09-09 | OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service. |
CVE-2026-25781 | High | 8.4 | 2026-05-19 | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered. |
CVE-2025-27128 | High | 8.4 | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. |
CVE-2025-24298 | High | 8.4 | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. |
CVE-2025-25278 | High | 8.4 | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. |
CVE-2025-27577 | High | 8.4 | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. |
CVE-2024-47137 | High | 8.4 | 2024-11-05 | in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-b… |
CVE-2024-47404 | High | 8.4 | 2024-11-05 | in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through double f… |
CVE-2024-47797 | High | 8.4 | 2024-11-05 | in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through out-of-b… |
CVE-2024-39816 | High | 8.4 | 2024-09-02 | in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. |
CVE-2024-38386 | High | 8.4 | 2024-09-02 | in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. |
CVE-2023-43612 | High | 8.4 | 2023-11-20 | in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions. |
CVE-2022-43451 | High | 8.4 | 2022-11-03 | OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal vulnerability in appspawn and nwebspawn services. Local attackers can create arbitrary dir… |