Cyber Posture

CVE-2026-24926

High

Published: 06 February 2026

Published
06 February 2026
Modified
10 February 2026
KEV Added
Patch
CVSS Score 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0000 0.1th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-24926 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Huawei Harmonyos. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 0.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Requires timely identification, reporting, and remediation of flaws such as this out-of-bounds write vulnerability via patching as provided in Huawei bulletins.

SI-16 Memory Protection good match
prevent

Provides memory protection mechanisms like ASLR and DEP that directly prevent exploitation of out-of-bounds writes in the camera module.

SI-10 Information Input Validation partial match
prevent

Validates boundaries and content of inputs to the camera module to mitigate causes of the out-of-bounds write vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Local out-of-bounds write in system camera module (accessible without privileges) enables memory corruption leading to code execution or system-level compromise, directly facilitating T1068 Exploitation for Privilege Escalation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.

Deeper analysisAI

CVE-2026-24926 is an out-of-bounds write vulnerability (CWE-787) in the camera module of Huawei consumer products, including devices covered under general consumer support and laptops. Published on 2026-02-06, it carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity with potential impacts on confidentiality, integrity, and availability, though the primary noted impact is on availability.

A local attacker can exploit this vulnerability with low complexity and no privileges or user interaction required. Successful exploitation allows the attacker to achieve high-impact effects, such as unauthorized data access, modification, or denial of service through the out-of-bounds write in the camera module.

Huawei has published security bulletins addressing this issue, available at https://consumer.huawei.com/en/support/bulletin/2026/2/ for general consumer products and https://consumer.huawei.com/en/support/bulletinlaptops/2026/2/ for laptops, which likely detail patches and mitigation steps.

Details

CWE(s)
CWE-787

Affected Products

huawei
harmonyos
6.0.0

CVEs Like This One

CVE-2024-57955Same product: Huawei Harmonyos
CVE-2024-56451Same product: Huawei Harmonyos
CVE-2025-68958Same product: Huawei Harmonyos
CVE-2024-57961Same product: Huawei Harmonyos
CVE-2025-68957Same product: Huawei Harmonyos
CVE-2025-68960Same product: Huawei Harmonyos
CVE-2024-56439Same product: Huawei Harmonyos
CVE-2026-24930Same product: Huawei Harmonyos
CVE-2025-68956Same product: Huawei Harmonyos
CVE-2025-68968Same product: Huawei Harmonyos

References