CVE-2026-41980 - Vulnerability Details - OpenCVE

Permission control vulnerability in the file preview module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Huawei	Harmonyos

No data.

No data.

References

Link	Providers
https://consumer.huawei.com/en/support/bulletin/2026/6/
https://consumer.huawei.com/en/support/bulletinlaptops/2026/6/
https://consumer.huawei.com/en/support/bulletinvision/2026/6/

History

Tue, 09 Jun 2026 14:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 09 Jun 2026 06:30:00 +0000

Type	Values Removed	Values Added
Title		Permission Control Flaw in HarmonyOS File Preview Exposes Confidential Information

Tue, 09 Jun 2026 06:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Huawei Huawei harmonyos
Vendors & Products		Huawei Huawei harmonyos

Tue, 09 Jun 2026 04:45:00 +0000

Type	Values Removed	Values Added
Description		Permission control vulnerability in the file preview module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Weaknesses		CWE-200
References		https://consumer.huawei.com/en/support/bulletin/2026/6/ https://consumer.huawei.com/en/support/bulletinlaptops/2026/6/ https://consumer.huawei.com/en/support/bulletinvision/2026/6/
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2026-06-09T03:51:43.467Z

Updated: 2026-06-09T13:25:45.371Z

Reserved: 2026-04-23T01:42:44.929Z

Link: CVE-2026-41980

Vulnrichment

Updated: 2026-06-09T13:25:32.192Z

NVD

Status : Deferred

Published: 2026-06-09T05:16:38.260

Modified: 2026-06-09T13:34:58.997

Link: CVE-2026-41980

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41980", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2026-04-23T01:42:44.929Z", "datePublished": "2026-06-09T03:51:43.467Z", "dateUpdated": "2026-06-09T13:25:45.371Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-06-09T03:51:43.467Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "type": "CWE"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "6.1.0"}, {"status": "affected", "version": "6.0.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Permission control vulnerability in the file preview module.\u00a0Impact: Successful exploitation of this vulnerability may affect service confidentiality.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Permission control vulnerability in the file preview module. Impact: Successful exploitation of this vulnerability may affect service confidentiality."}]}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/6/"}, {"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/6/"}, {"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/6/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-09T13:25:27.919825Z", "id": "CVE-2026-41980", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-09T13:25:45.371Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41980", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-09T13:25:27.919825Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-09T13:25:32.192Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "6.1.0"}, {"status": "affected", "version": "6.0.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/6/"}, {"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/6/"}, {"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/6/"}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "Permission control vulnerability in the file preview module.\u00a0Impact: Successful exploitation of this vulnerability may affect service confidentiality.", "supportingMedia": [{"type": "text/html", "value": "Permission control vulnerability in the file preview module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-06-09T03:51:43.467Z"}}}, "cveMetadata": {"cveId": "CVE-2026-41980", "state": "PUBLISHED", "dateUpdated": "2026-06-09T13:25:45.371Z", "dateReserved": "2026-04-23T01:42:44.929Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2026-06-09T03:51:43.467Z", "assignerShortName": "huawei"}, "dataVersion": "5.2"}