CVE-2026-34853
Published: 13 April 2026
Summary
CVE-2026-34853 is a high-severity Privilege Context Switching Error (CWE-270) vulnerability in Huawei HarmonyOS. Its CVSS base score is 7.7 (High).
Operationally, it ranks at the 0.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Enforces approved authorizations for access to system resources, directly preventing permission bypass vulnerabilities like CVE-2026-34853 in the LBS module.
Requires a tamper-proof reference monitor to enforce access controls comprehensively, mitigating bypasses even by high-privilege local attackers.
Limits privileges to the minimum necessary, reducing the scope and impact of high-privilege (PR:H) permission bypass exploits.
MITRE ATT&CK Enterprise Techniques
Insufficient information to map techniques.
NVD Description
Permission bypass vulnerability in the LBS module. Impact: Successful exploitation of this vulnerability may affect availability.
Deeper analysis
CVE-2026-34853 is a permission bypass vulnerability (CWE-270) in the LBS module affecting Huawei consumer products. Published on 2026-04-13, it carries a CVSS v3.1 base score of 7.7 (AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H).
A local attacker with high privileges can exploit this vulnerability with low attack complexity, and user interaction is required. Successful exploitation results in high impacts to confidentiality, integrity, and availability, with a changed scope; the description specifies that it may affect availability.
Huawei security advisories provide further details at https://consumer.huawei.com/en/support/bulletin/2026/4/ and https://consumer.huawei.com/en/support/bulletinvision/2026/4/.
Details
- CWE(s)