{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31370", "assignerOrgId": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "state": "PUBLISHED", "assignerShortName": "Honor", "dateReserved": "2026-03-09T03:44:51.358Z", "datePublished": "2026-04-21T06:30:53.883Z", "dateUpdated": "2026-04-21T13:25:53.570Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "shortName": "Honor", "dateUpdated": "2026-04-21T06:30:53.883Z"}, "title": "Information Leak Vulnerability in Honor E", "affected": [{"vendor": "Honor", "product": "Honor E", "versions": [{"status": "affected", "version": "25.02.08.01"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality."}]}], "references": [{"url": "https://www.honor.com/global/security/CVE-2026-31370/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseSeverity": "MEDIUM", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-21T13:25:16.139034Z", "id": "CVE-2026-31370", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T13:25:53.570Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31370", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-21T13:25:16.139034Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T13:25:47.537Z"}}], "cna": {"title": "Information Leak Vulnerability in Honor E", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Honor", "product": "Honor E", "versions": [{"status": "affected", "version": "25.02.08.01"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.honor.com/global/security/CVE-2026-31370/"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.", "supportingMedia": [{"type": "text/html", "value": "Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.", "base64": false}]}], "providerMetadata": {"orgId": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "shortName": "Honor", "dateUpdated": "2026-04-21T06:30:53.883Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31370", "state": "PUBLISHED", "dateUpdated": "2026-04-21T13:25:53.570Z", "dateReserved": "2026-03-09T03:44:51.358Z", "assignerOrgId": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "datePublished": "2026-04-21T06:30:53.883Z", "assignerShortName": "Honor"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality."}], "id": "CVE-2026-31370", "lastModified": "2026-05-05T20:45:22.917", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "type": "Secondary"}]}, "published": "2026-04-21T07:16:09.437", "references": [{"source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "url": "https://www.honor.com/global/security/CVE-2026-31370/"}], "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "vulnStatus": "Deferred"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "25.02.08.01"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "honor_e", "vendor": "honor"}], "analysis": {"en": {"generated_at": "2026-04-21T23:08:09.689477+00:00", "value": {"mitigation_remediation": ["Obtain and install the latest version of the Honor E app that addresses the information leak; upgrade immediately when a vendor patch is released.", "If no patch is available, modify the app configuration or disable the feature that can expose sensitive data to prevent the leak from occurring.", "Deploy monitoring and logging to detect abnormal read attempts or data exfiltration patterns, and block any suspicious activity with network or application firewalls."], "summary": {"action": "Assess & Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Honor\u2019s Honor E application, distributed by Honor. No specific version information is provided, so all releases of Honor E that have not yet applied a vendor update are considered affected.", "description_and_impact": "The vulnerability is an information leak within the Honor E application that can compromise service confidentiality. It allows an attacker to read sensitive data from the application, potentially exposing private user or system information. The weakness corresponds to CWE\u2011200: Information Exposure. Because the description provides no specific details about how the exploit is performed, it is inferred that the attack vector involves unauthorized reading or a configuration flaw that can be triggered by an adversary with application-level access.", "risk_and_exploitability": "The CVSS score of 6.3 indicates moderate severity, while the EPSS score of less than 1% suggests a very low yet non-zero probability of exploitation in the wild. The vulnerability is not listed in CISA KEV. Without explicit details on prerequisites or the attack path, it is presumed that an attacker who gains access to the application\u2014either locally or via a remote network path\u2014could exploit the information leak. The primary risk is confidentiality compromise."}}}}, "created": "2026-04-21T23:15:03.120097+00:00", "updated": "2026-04-22T11:46:47.470463+00:00", "vendors": ["honor", "honor$PRODUCT$honor_e"], "weaknesses": ["CWE-200"]}