Cyber Posture

CVE-2026-28536

Severity: Critical
Published: 05 March 2026
Modified: 06 March 2026
KEV Added: not listed
Patch: available (see the vendor bulletins referenced below)
CVSS Score: 9.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0003 (10.5th percentile)
Risk Priority: 19 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-28536 is a critical-severity Authentication Bypass by Primary Weakness (CWE-305) vulnerability in Huawei HarmonyOS. Its CVSS v3.1 base score is 9.6 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique External Remote Services (T1133). Its EPSS score places it at the 10.5th percentile of exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are the NIST 800-53 controls IA-3 (Device Identification and Authentication) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to External Remote Services (T1133) and Exploitation of Remote Services (T1210). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

IA-3 (Device Identification and Authentication), prevent: Directly enforces robust device identification and authentication mechanisms to prevent bypass vulnerabilities in the device authentication module.

SI-2 (Flaw Remediation), prevent: Mandates timely identification, reporting, and correction of system flaws like this CVE through vendor patches.

AC-14 (Permitted Actions Without Identification or Authentication), prevent: Restricts the actions permitted without identification or authentication, limiting the potential impact of a bypass.

MITRE ATT&CK Enterprise Techniques

T1133 External Remote Services (tactic: Persistence)
Adversaries may leverage external-facing remote services to initially access and/or persist within a network.

T1210 Exploitation of Remote Services (tactic: Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

Why these techniques?

An authentication bypass in the device authentication module, reachable from an adjacent network (AV:A), lets an unauthenticated attacker exploit exposed remote services (T1133/T1210) for initial access with full confidentiality, integrity and availability impact.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.

Deeper analysis

CVE-2026-28536 is an authentication bypass vulnerability in the device authentication module affecting Huawei consumer devices. Published on 2026-03-05T07:16:13.660, it carries a CVSS v3.1 base score of 9.6 (AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) and is linked to CWE-305. Successful exploitation impacts integrity and confidentiality.

The vulnerability can be exploited by unauthenticated attackers on an adjacent network, requiring low attack complexity and no user interaction. Exploitation allows attackers to bypass authentication. Note that the NVD text names only integrity and confidentiality as affected, while the CVSS vector rates confidentiality, integrity and availability impact as high with a changed scope (S:C), meaning the impact can extend beyond the authentication module's own security boundary.

Huawei has published security bulletins addressing this issue, available at https://consumer.huawei.com/en/support/bulletin/2026/3/, https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/, and https://consumer.huawei.com/en/support/bulletinvision/2026/3/.

Details

CWE(s)

CWE-305 (Authentication Bypass by Primary Weakness)

Affected Products

Vendor: huawei
Product: harmonyos
Versions: 5.1.0, 6.0.0

CVEs Like This One

CVE-2025-68960 (same product: Huawei HarmonyOS)
CVE-2024-56436 (same product: Huawei HarmonyOS)
CVE-2025-68968 (same product: Huawei HarmonyOS)
CVE-2024-56437 (same product: Huawei HarmonyOS)
CVE-2026-24926 (same product: Huawei HarmonyOS)
CVE-2026-24921 (same product: Huawei HarmonyOS)
CVE-2024-12602 (same product: Huawei HarmonyOS)
CVE-2026-34856 (same product: Huawei HarmonyOS)
CVE-2024-56439 (same product: Huawei HarmonyOS)
CVE-2024-56443 (same product: Huawei HarmonyOS)

References

https://consumer.huawei.com/en/support/bulletin/2026/3/
https://consumer.huawei.com/en/support/bulletinlaptops/2026/3/
https://consumer.huawei.com/en/support/bulletinvision/2026/3/