CVE-2026-41960
Description
Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may affect availability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A permission control vulnerability in Huawei's calls component could allow an attacker to affect device availability.
Vulnerability
Overview
CVE-2026-41960 is a permission control vulnerability in the calls component of Huawei's HarmonyOS and EMUI software. The root cause is insufficient permission checks within the call handling functionality, which can be exploited to impact system availability [1].
Exploitation
An attacker with local access or the ability to trigger call-related operations could exploit this flaw by bypassing intended permission controls. The vulnerability does not require authentication beyond the device's normal access, but the exact attack vector and prerequisites are not detailed in the advisory [1].
Impact
Successful exploitation of this vulnerability may lead to a denial-of-service condition, affecting the availability of the device. The CVSS v3 base score of 5.8 (Medium) reflects the potential for disruption without compromising confidentiality or integrity [1].
Mitigation
Huawei has addressed this vulnerability in the May 2026 security bulletin. Users are advised to update their devices to the latest firmware versions for HarmonyOS 4.0.0 through 4.3.1, EMUI 14.0.0.0 through 15.0.0, and later versions as specified in the bulletin [1].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.