Cyber Resilience

CVE-2026-28542

High

Published: 05 March 2026

Published
05 March 2026
Modified
05 March 2026
KEV Added
Patch
CVSS Score v3.1 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
EPSS Score 0.0001 0.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-28542 is a high-severity Improper Handling of Exceptional Conditions (CWE-755) vulnerability in Huawei Emui. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 0.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-28542 is a permission bypass vulnerability in the system service framework affecting Huawei consumer devices, including wearables. Published on 2026-03-05, it carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L) and is associated with CWE-755 (NVD-CWE-noinfo). The vulnerability enables improper enforcement of permissions, with successful exploitation potentially impacting availability alongside other effects indicated by the CVSS vector.

A local attacker requires only local access to the system, with low attack complexity, no privileges, and no user interaction. Exploitation can result in high confidentiality impact through unauthorized access to sensitive data, alongside low impacts to integrity and availability.

Huawei has published security bulletins in March 2026 for consumer products and wearables, available at https://consumer.huawei.com/en/support/bulletin/2026/3/ and https://consumer.huawei.com/en/support/bulletinwearables/2026/3/, which provide details on patches and mitigation measures.

EU & UK References

Vulnerability details

Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

Permission bypass in system service framework allows local unprivileged attacker to obtain unauthorized sensitive data access (maps to T1005) and achieve effective privilege escalation via exploitation (maps to T1068).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-57960Same product: Huawei Emui
CVE-2026-28553Same product: Huawei Emui
CVE-2024-58043Same product: Huawei Emui
CVE-2024-57961Same product: Huawei Emui
CVE-2024-56449Same product: Huawei Emui
CVE-2026-34859Same product: Huawei Emui
CVE-2024-58044Same product: Huawei Emui
CVE-2024-56447Same product: Huawei Emui
CVE-2026-28548Same product: Huawei Emui
CVE-2023-52953Same product: Huawei Emui

Affected Assets

huawei
emui
13.0.0, 14.0.0, 14.2.0
huawei
harmonyos
3.1.0, 4.0.0, 4.2.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces access control policies to block the permission bypass in the system service framework.

prevent

Limits privileges so that successful bypass yields minimal unauthorized access to sensitive data.

prevent

Requires timely application of Huawei patches that correct the permission enforcement flaw.

References