ByteOS Network

CVE Vulnerability Details :

CVE-2026-27648

PUBLISHED

More Info Official Page

Assigner-OpenHarmony

Assigner Org ID-0cf5dd6e-1214-4398-a481-30441e48fafd

Published At-19 May, 2026 | 02:58

Updated At-19 May, 2026 | 02:58

▼CVE Numbering Authority (CNA)

web_webview has an out-of-bounds write vulnerability

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.

Affected Products

Vendor

OpenHarmony (OpenAtom Foundation)

Product

OpenHarmony

Default Status

unaffected

Versions

Affected

From v5.0.3 through v6.0 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-787	CWE-787 Out-of-bounds write

Type: CWE

CWE ID: CWE-787

Description: CWE-787 Out-of-bounds write

Metrics

Version	Base score	Base severity	Vector
3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Hyperlink	Resource
https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-04.md	N/A

Hyperlink: https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-04.md

Resource: N/A

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References