OpenHarmony v6.0 RCE: Pre-Installed Apps Vulnerable
The National Vulnerability Database (NVD) has documented CVE-2026-24792, a high-severity arbitrary code execution vulnerability affecting OpenHarmony v6.0 and earlier. This flaw, rated 8.1 CVSS (HIGH), allows a remote attacker to execute arbitrary code within pre-installed applications.
The core issue, categorized as CWE-364 (Improper Handling of Duplicate Resources), points to a logic flaw where duplicate or conflicting resource handling can be abused. While specific affected products beyond the OpenHarmony OS are not detailed by the NVD, the implications for devices running this operating system are significant. Any device utilizing OpenHarmony as its foundational OS, particularly those with pre-installed applications that cannot be easily removed or updated by the user, is at risk.
This isn’t just a theoretical vulnerability; remote code execution in pre-installed applications offers a persistent and privileged foothold. Attackers can leverage this to exfiltrate data, install further malware, or establish long-term persistence on compromised devices. The attacker’s calculus here is straightforward: target the OS layer to gain control over the entire device ecosystem, bypassing user interaction for initial compromise.
What This Means For You
- If your organization develops or deploys devices running OpenHarmony v6.0 or earlier, you need to urgently assess your software supply chain for this vulnerability. Prioritize patching or implementing vendor-supplied mitigations for CVE-2026-24792, focusing on the integrity of pre-installed applications and their update mechanisms.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-24792 | RCE | OpenHarmony v6.0 and prior versions |
| CVE-2026-24792 | RCE | arbitrary code execution in pre-installed apps |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 19, 2026 at 07:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.