Cyber Resilience

CVE-2026-34854

Medium

Published: 13 April 2026

Published
13 April 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 5.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H
EPSS Score 0.0000 0.1th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-34854 is a medium-severity Use After Free (CWE-416) vulnerability in Huawei Harmonyos. Its CVSS base score is 5.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212); ranked at the 0.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2026-34854 is a Use-After-Free (UAF) vulnerability, classified under CWE-416, present in the kernel module. Published on 2026-04-13, it carries a CVSS v3.1 base score of 5.7 (Medium severity) and primarily impacts Huawei products, as referenced in the vendor's support bulletin.

Exploitation requires local access (AV:L), high attack complexity (AC:H), and high privileges (PR:H), with no user interaction (UI:N) and unchanged scope (S:U). A successful attack can achieve high confidentiality impact (C:H) and high availability impact (A:H), with no integrity impact (I:N), allowing a privileged local attacker to potentially disclose sensitive kernel memory and cause denial of service.

Huawei has published a support bulletin at https://consumer.huawei.com/en/support/bulletin/2026/4/ addressing this vulnerability, which security practitioners should consult for details on patches and mitigation steps.

EU & UK References

Vulnerability details

UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1212 Exploitation for Credential Access Credential Access
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
T1499 Endpoint Denial of Service Impact
Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.
Why these techniques?

Kernel UAF enables exploitation to disclose sensitive memory for credential access (T1212) and cause system DoS (T1499) via local privileged access.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-34859Same product: Huawei Emui
CVE-2024-57959Same product: Huawei Emui
CVE-2024-56434Same product: Huawei Emui
CVE-2026-28553Same product: Huawei Emui
CVE-2024-56449Same product: Huawei Emui
CVE-2024-56448Same product: Huawei Emui
CVE-2026-28552Same product: Huawei Emui
CVE-2026-28542Same product: Huawei Emui
CVE-2024-58044Same product: Huawei Emui
CVE-2023-52955Same product: Huawei Emui

Affected Assets

huawei
harmonyos
4.0.0, 4.2.0, 4.3.0, 4.3.1, 5.1.0
huawei
emui
14.0.0, 14.2.0, 15.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and correction of flaws, directly addressing the kernel UAF vulnerability in CVE-2026-34854 through vendor patches from the Huawei bulletin.

prevent

Implements memory protection mechanisms like ASLR, DEP, and guard pages that hinder exploitation of the UAF for kernel memory disclosure or DoS.

prevent

Enforces secure kernel configuration settings, including hardening parameters that provide additional defenses against UAF exploitation in kernel modules.

References