What is CVE-2026-24920?

A medium severity permission control vulnerability in Huawei's EMUI and HarmonyOS may impact availability. Organizations are advised to address this vulnerability in their patch cycles.

What is the severity of CVE-2026-24920?

CVE-2026-24920 has a severity rating of MEDIUM with a CVSS base score of 6.2.

CVE-2026-24920 | Medium Vulnerability in Huawei EMUI and HarmonyOS

CVE-2026-24920 is a medium severity vulnerability found in the AMS module of Huawei's EMUI and HarmonyOS. This vulnerability allows for improper permission control, which may lead to unauthorized access and affect availability. The CVSS score for this vulnerability is 6.2, indicating a medium level of risk. Organizations should address this vulnerability in their priority patch cycles to mitigate potential impacts.

Successful exploitation of this vulnerability may compromise the availability of affected systems. As such, organizations utilizing affected versions of EMUI or HarmonyOS should remain vigilant and prioritize remediation efforts to prevent exploitation.

Currently, there are no known exploits or public proof-of-concept code for this vulnerability, but the lack of known exploitation does not diminish the urgency for organizations to apply the necessary patches as soon as they are available.

Organizations should prioritize patching immediately to safeguard their systems against potential exploitation.

Vulnerability Details

The vulnerability CVE-2026-24920 is characterized as a permission control vulnerability in the AMS module. The CVSS score assigned to this vulnerability is 6.2, reflecting its medium severity level. The vulnerability affects Huawei's EMUI versions 14.2.0 and 15.0.0, as well as HarmonyOS versions 4.2.0, 4.3.0, and 4.3.1.

The vulnerability was published on February 6, 2026, and is classified under CWE-264. The attack vector is local, requiring no privileges or user interaction, which indicates a low attack complexity.

Technical Analysis

The root cause of this vulnerability stems from improper permission controls within the AMS module. This failure allows attackers to exploit the system without needing any privileges or user interaction. The attack complexity is classified as low, making it easier for potential attackers to leverage this vulnerability.

Given that the attack vector is local, the vulnerability poses a risk primarily to users with access to the affected devices. The impact on confidentiality is negligible, while the integrity impact is assessed as high, indicating significant potential to alter data or functionalities.

Risk & Impact Analysis

Risk to organizations includes potential disruptions to service availability and integrity of operations within the affected systems. The blast radius for exploitation could extend to sensitive operations relying on the affected modules. Organizations should assess their risk posture and prioritize patching efforts based on the CVSS score and potential impact.

Given the vulnerability's classification and current metrics, organizations should schedule remediation as soon as possible. The low EPS score indicates a very low likelihood of exploitation; however, proactive measures should still be taken.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

Affected versions of Huawei's EMUI include 14.2.0 and 15.0.0, while HarmonyOS versions 4.2.0, 4.3.0, and 4.3.1 are also affected. Organizations should ensure they are running patched versions to mitigate risk.

Mitigation & Remediation

Huawei has not yet released a patch for this vulnerability. Organizations should regularly check for updates from Huawei and apply patches as they become available. In the meantime, implementing additional access controls may help mitigate potential risks.

Organizations should also consider conducting a thorough security assessment, including application security assessments, to identify any other potential vulnerabilities within their systems.

Detection Guidance

Organizations should monitor logs for any unusual access patterns or integrity violations that may indicate attempts to exploit this vulnerability. Behavioral anomalies in system operations should be investigated promptly to mitigate potential impacts.

AppSecure Threat Intelligence Insight

The significance of CVE-2026-24920 lies in its impact on the integrity of systems running affected Huawei products. It highlights the necessity for robust permission controls within software modules, especially in user-facing applications.

As vulnerabilities like this become more common, organizations should prioritize adopting penetration testing methodologies in their security strategies.

In conclusion, understanding vulnerabilities such as CVE-2026-24920 can lead to improved security postures and more resilient systems against potential attacks. Continuous monitoring and timely remediation are crucial in the fast-evolving threat landscape.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-24920: Medium Vulnerability in Huawei EMUI and HarmonyOS