{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31368", "assignerOrgId": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "state": "PUBLISHED", "assignerShortName": "Honor", "dateReserved": "2026-03-09T03:44:51.358Z", "datePublished": "2026-04-21T06:40:08.446Z", "dateUpdated": "2026-04-21T13:23:57.396Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "shortName": "Honor", "dateUpdated": "2026-04-21T06:40:08.446Z"}, "title": "Privilege Bypass in AiAssistant", "affected": [{"vendor": "Honor", "product": "AIAssistant", "versions": [{"status": "affected", "version": "90.0.12.010"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.<br>"}]}], "references": [{"url": "https://www.honor.com/global/security/cve-2026-31368/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-21T13:23:47.545195Z", "id": "CVE-2026-31368", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T13:23:57.396Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31368", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-21T13:23:47.545195Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T13:23:53.188Z"}}], "cna": {"title": "Privilege Bypass in AiAssistant", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Honor", "product": "AIAssistant", "versions": [{"status": "affected", "version": "90.0.12.010"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.honor.com/global/security/cve-2026-31368/"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.", "supportingMedia": [{"type": "text/html", "value": "AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.<br>", "base64": false}]}], "providerMetadata": {"orgId": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "shortName": "Honor", "dateUpdated": "2026-04-21T06:40:08.446Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31368", "state": "PUBLISHED", "dateUpdated": "2026-04-21T13:23:57.396Z", "dateReserved": "2026-03-09T03:44:51.358Z", "assignerOrgId": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "datePublished": "2026-04-21T06:40:08.446Z", "assignerShortName": "Honor"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability."}], "id": "CVE-2026-31368", "lastModified": "2026-05-05T20:45:22.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "type": "Secondary"}]}, "published": "2026-04-21T07:16:07.923", "references": [{"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "url": "https://www.honor.com/global/security/cve-2026-31368/"}], "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "vulnStatus": "Deferred"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "90.0.12.010"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "AIAssistant", "source": "cna", "vendor": "Honor"}, "product": "aiassistant", "vendor": "honor"}], "analysis": {"en": {"generated_at": "2026-04-21T23:07:56.249318+00:00", "value": {"mitigation_remediation": ["Apply any publicly released Honor AIAssistant update that addresses the privilege bypass flaw.", "Restrict the number of users with administrative privileges and enforce least privilege to reduce the impact of a potential privilege escalation.", "Monitor system logs for signs of unauthorized privilege escalation attempts and enable alerting on suspicious activity."], "summary": {"action": "Patch Now", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Honor\u2019s AiAssistant product.\n\nNo specific version information is disclosed, so all iterations of AiAssistant that have not been patched are potentially vulnerable.", "description_and_impact": "AiAssistant contains a privilege bypass flaw that can allow an attacker to gain higher privileges and potentially disrupt service availability.\n\nThe flaw is categorized as a type privilege bypass, indicating that the normal access controls can be subverted, opening the door to unauthorized actions.\n\nSuccessful exploitation could enable execution of privileged code or manipulation of the system state, directly compromising integrity and availability.", "risk_and_exploitability": "The CVSS Base score of 7.8 signifies a substantial risk level, while the EPSS score of less than 1% indicates a low probability of exploitation at present.\n\nThe vulnerability is not cataloged in the CISA KEV list.\n\nWhile the advisory does not explicitly state the attack vector, the nature of a privilege bypass suggests that an attacker might obtain elevated privileges either locally or remotely by exploiting weaknesses in authentication or authorization.\n\nIf exploit conditions are met, the attacker could gain unauthorized control over the AiAssistant service, leading to potential service disruption and other malicious actions."}}}}, "created": "2026-04-21T23:15:03.119875+00:00", "updated": "2026-04-22T11:46:46.303137+00:00", "vendors": ["honor", "honor$PRODUCT$aiassistant"], "weaknesses": ["CWE-264"]}