OpenHarmony RCE: Remote Code Execution in Pre-Installed Apps (CVE-2026-27648)

A critical vulnerability, CVE-2026-27648, has been identified in OpenHarmony v6.0 and prior versions, allowing remote attackers to execute arbitrary code within pre-installed applications. The National Vulnerability Database has assigned a CVSS score of 8.8 (HIGH) to this flaw, underscoring its severe potential impact. This vulnerability is categorized under CWE-787, indicating an out-of-bounds write.

The attacker’s calculus here is straightforward: target default, often unmonitored applications to gain a foothold. The fact that this is remote arbitrary code execution in pre-installed apps means the attack surface is broad, encompassing any device running affected OpenHarmony versions with these applications. For defenders, this isn’t about a niche, custom app; it’s about the foundational software layer.

While specific affected products beyond OpenHarmony versions are not detailed by the National Vulnerability Database, the implication is clear: any device or system leveraging vulnerable OpenHarmony builds is at risk. CISOs must treat this as a high-priority architectural flaw, demanding immediate attention to patch cycles and supply chain integrity for OpenHarmony-based deployments.

What This Means For You

  • If your organization deploys or develops on OpenHarmony v6.0 or earlier, you need to immediately assess your exposure to CVE-2026-27648. Prioritize patching to mitigate remote arbitrary code execution risks in pre-installed applications. This is a supply chain and platform-level vulnerability — do not underestimate it.

Indicators of Compromise

ID | Type | Indicator
CVE-2026-27648 | RCE | OpenHarmony v6.0 and prior versions
CVE-2026-27648 | RCE | arbitrary code execution in pre-installed apps

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 19, 2026 at 07:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
