{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28540", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2026-02-28T03:58:12.087Z", "datePublished": "2026-03-05T07:55:01.103Z", "dateUpdated": "2026-03-05T15:40:50.887Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HarmonyOS", "vendor": "Huawei", "versions": [{"status": "affected", "version": "6.0.0"}, {"status": "affected", "version": "5.1.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality."}], "value": "Out-of-bounds character read vulnerability in Bluetooth.\u00a0Impact: Successful exploitation of this vulnerability may affect service confidentiality."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-158", "description": "CWE-158 Improper Neutralization of Null Byte or NUL Character", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-03-05T07:55:01.103Z"}, "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"}, {"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/3/"}, {"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/3/"}, {"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-05T15:28:57.305593Z", "id": "CVE-2026-28540", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T15:40:50.887Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28540", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-05T15:28:57.305593Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T15:28:58.298Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "6.0.0"}, {"status": "affected", "version": "5.1.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"}, {"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/3/"}, {"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/3/"}, {"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds character read vulnerability in Bluetooth.\u00a0Impact: Successful exploitation of this vulnerability may affect service confidentiality.", "supportingMedia": [{"type": "text/html", "value": "Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-158", "description": "CWE-158 Improper Neutralization of Null Byte or NUL Character"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-03-05T07:55:01.103Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28540", "state": "PUBLISHED", "dateUpdated": "2026-03-05T15:40:50.887Z", "dateReserved": "2026-02-28T03:58:12.087Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2026-03-05T07:55:01.103Z", "assignerShortName": "huawei"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:harmonyos:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E39DE6A6-CBE6-4086-93CD-113D1B3BA730", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EBE30DD-E146-4A6A-BE68-DEF9D4D0B2A8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds character read vulnerability in Bluetooth.\u00a0Impact: Successful exploitation of this vulnerability may affect service confidentiality."}], "id": "CVE-2026-28540", "lastModified": "2026-03-05T21:39:02.117", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "psirt@huawei.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-05T08:15:58.833", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletin/2026/3/"}, {"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/"}, {"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletinvision/2026/3/"}, {"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/3/"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-158"}], "source": "psirt@huawei.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "HarmonyOS", "source": "cna", "vendor": "Huawei"}, "product": "harmonyos", "vendor": "huawei"}], "analysis": {"en": {"generated_at": "2026-04-16T12:27:41.979248+00:00", "value": {"mitigation_remediation": ["Install the latest HarmonyOS update that addresses the Bluetooth out\u2011of\u2011bounds read flaw.", "If an update is not yet available, disable Bluetooth when not in use or limit its exposure to trusted devices.", "Monitor Huawei's consumer support bulletins for future fixes and apply any subsequent security updates promptly."], "summary": {"action": "Apply patch", "impact": "Confidentiality breach via out-of-bounds read"}, "threat_synthesis": {"affected_systems": "Huawei HarmonyOS 5.1.0 and HarmonyOS 6.0.0 are affected across a range of consumer devices, including phones, laptops, vision devices, and wearables as referenced by Huawei's consumer support bulletins. The vulnerability centers on the Bluetooth implementation shipped with these operating\u2011system releases.", "description_and_impact": "The vulnerability is an out-of-bounds character read in the Bluetooth subsystem of Huawei's HarmonyOS. Successfully exploited, it allows a nearby attacker to read memory content beyond boundaries, exposing potentially sensitive data. The weakness is categorized under CWE\u2011125 and CWE\u2011158 and does not provide code execution or denial of service, but it can compromise service confidentiality.", "risk_and_exploitability": "The CVSS score of 4 indicates medium risk, while the EPSS score of less than 1% suggests very low probability of active exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers would need to be within Bluetooth range of the target device, implying a local or proximity-based threat. Overall, the risk is low but the confidentiality impact warrants timely resolution."}}}}, "created": "2026-03-06T15:07:52.904514+00:00", "title": "Out\u2011of\u2011Bounds Character Read in Bluetooth on Huawei HarmonyOS", "updated": "2026-04-16T12:30:06.121066+00:00", "vendors": ["huawei", "huawei$PRODUCT$harmonyos"]}