CVE-2026-28553 - Vulnerability Details - OpenCVE

Vulnerability of improper permission control in the theme setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Emui Harmonyos

No data.

No data.

References

Link	Providers
https://consumer.huawei.com/en/support/bulletin/2026/4/

History

Mon, 13 Apr 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 13 Apr 2026 14:30:00 +0000

Type	Values Removed	Values Added
Title		Improper Permission Control in Huawei EMUI and HarmonyOS Theme Setting Module

Mon, 13 Apr 2026 13:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Huawei Huawei emui Huawei harmonyos
Vendors & Products		Huawei Huawei emui Huawei harmonyos

Mon, 13 Apr 2026 04:00:00 +0000

Type	Values Removed	Values Added
Description		Vulnerability of improper permission control in the theme setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Weaknesses		CWE-275
References		https://consumer.huawei.com/en/support/bulletin/2026/4/
Metrics		cvssV3_1 `{'score': 6.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2026-04-13T03:53:07.148Z

Updated: 2026-04-13T15:02:31.882Z

Reserved: 2026-02-28T03:58:12.089Z

Link: CVE-2026-28553

Vulnrichment

Updated: 2026-04-13T15:02:26.841Z

NVD

Status : Undergoing Analysis

Published: 2026-04-13T04:16:03.650

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-28553

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28553", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2026-02-28T03:58:12.089Z", "datePublished": "2026-04-13T03:53:07.148Z", "dateUpdated": "2026-04-13T15:02:31.882Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-04-13T03:53:07.148Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-275", "description": "CWE-275 Permission Issues", "type": "CWE"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "4.3.1"}, {"status": "affected", "version": "4.3.0"}, {"status": "affected", "version": "4.2.0"}, {"status": "affected", "version": "4.0.0"}], "defaultStatus": "unaffected"}, {"vendor": "Huawei", "product": "EMUI", "versions": [{"status": "affected", "version": "15.0.0"}, {"status": "affected", "version": "14.2.0"}, {"status": "affected", "version": "14.0.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Vulnerability of improper permission control in the theme setting module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Vulnerability of improper permission control in the theme setting module.<br>Impact: Successful exploitation of this vulnerability may affect service confidentiality."}]}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseSeverity": "MEDIUM", "baseScore": 6.9, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T15:02:22.155523Z", "id": "CVE-2026-28553", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T15:02:31.882Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28553", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T15:02:22.155523Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T15:02:26.841Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "4.3.1"}, {"status": "affected", "version": "4.3.0"}, {"status": "affected", "version": "4.2.0"}, {"status": "affected", "version": "4.0.0"}], "defaultStatus": "unaffected"}, {"vendor": "Huawei", "product": "EMUI", "versions": [{"status": "affected", "version": "15.0.0"}, {"status": "affected", "version": "14.2.0"}, {"status": "affected", "version": "14.0.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2026/4/"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Vulnerability of improper permission control in the theme setting module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.", "supportingMedia": [{"type": "text/html", "value": "Vulnerability of improper permission control in the theme setting module.<br>Impact: Successful exploitation of this vulnerability may affect service confidentiality.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-275", "description": "CWE-275 Permission Issues"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2026-04-13T03:53:07.148Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28553", "state": "PUBLISHED", "dateUpdated": "2026-04-13T15:02:31.882Z", "dateReserved": "2026-02-28T03:58:12.089Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2026-04-13T03:53:07.148Z", "assignerShortName": "huawei"}, "dataVersion": "5.2"}