Cyber Resilience

CVE-2026-28536

Severity: Critical

Published: 05 March 2026
Modified: 06 March 2026
CISA KEV: not listed
Patch: vendor security bulletins published (March 2026, see below)
CVSS v3.1 base score: 9.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS score: 0.0018 (8.0th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-28536 is a critical-severity authentication bypass (CWE-305, Authentication Bypass by Primary Weakness) in the device authentication module of Huawei HarmonyOS. Its CVSS v3.1 base score is 9.6 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique External Remote Services (T1133). EPSS ranks it at the 8.0th percentile for exploit likelihood (well below the median), and it is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-3 (Device Identification and Authentication) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-28536 is an authentication bypass in the device authentication module of HarmonyOS, affecting Huawei consumer devices (Huawei has issued bulletins in its consumer, laptop and Vision series). Published on 2026-03-05T07:16:13.660, it carries a CVSS v3.1 base score of 9.6 (AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) and is classified as CWE-305 (Authentication Bypass by Primary Weakness). Huawei's own description says successful exploitation affects integrity and confidentiality; note that the CVSS vector additionally rates availability impact as High (A:H), so the vendor text and the vector disagree on that one dimension.

The attack vector is Adjacent (AV:A): the attacker needs no privileges (PR:N), no user interaction (UI:N) and only low attack complexity (AC:L), but must be on the same physical or logical network segment as the target, for example the same Wi-Fi network, Bluetooth range or local subnet. That rules out opportunistic mass exploitation from the Internet, but not exploitation on shared networks such as public or guest Wi-Fi. The changed scope (S:C) means a bypass of the device authentication module can affect resources beyond that module, which is why all three of confidentiality, integrity and availability are rated High.

Huawei has published security bulletins addressing this issue, available at https://consumer.huawei.com/en/support/bulletin/2026/3/, https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/, and https://consumer.huawei.com/en/support/bulletinvision/2026/3/.

Vulnerability details

Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

CWE(s)

CWE-305 Authentication Bypass by Primary Weakness

Related Threats

MITRE ATT&CK Enterprise Techniques

T1133 External Remote Services (Persistence)
Adversaries may leverage external-facing remote services to initially access and/or persist within a network.
T1210 Exploitation of Remote Services (Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

An unauthenticated bypass of the device authentication module, reachable from an adjacent network, lets an attacker use the device's exposed authentication service as an initial entry point (T1133) or, once on the local network, exploit the same service on further devices to move laterally (T1210), with high confidentiality, integrity and availability impact in both cases.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24926 (same product: Huawei HarmonyOS)
CVE-2024-56436 (same product: Huawei HarmonyOS)
CVE-2024-56443 (same product: Huawei HarmonyOS)
CVE-2025-68968 (same product: Huawei HarmonyOS)
CVE-2026-24915 (same product: Huawei HarmonyOS)
CVE-2024-56446 (same product: Huawei HarmonyOS)
CVE-2024-12602 (same product: Huawei HarmonyOS)
CVE-2025-68957 (same product: Huawei HarmonyOS)
CVE-2026-24921 (same product: Huawei HarmonyOS)
CVE-2024-56437 (same product: Huawei HarmonyOS)

Affected Assets

Vendor: Huawei
Product: HarmonyOS
Versions: 5.1.0, 6.0.0

Mitigating Controls (NIST 800-53 r5)

IA-3 Device Identification and Authentication (prevent)

Directly enforces robust device identification and authentication mechanisms to prevent bypass vulnerabilities in the device authentication module.

SI-2 Flaw Remediation (prevent)

Mandates timely identification, reporting, and correction of system flaws like this CVE through vendor patches; for this CVE that means deploying the HarmonyOS updates referenced in Huawei's March 2026 bulletins to devices on versions 5.1.0 and 6.0.0.

AC-14 Permitted Actions Without Identification or Authentication (prevent)

Restricts permitted actions without identification or authentication, limiting the impact an attacker can achieve after bypassing the authentication step.
