Skip to content

Commit c18abe6

Browse files
committed
1 parent cb8ed96 commit c18abe6

1 file changed

Lines changed: 22 additions & 4 deletions

File tree

advisories/unreviewed/2026/05/GHSA-9694-5xfg-m7vr/GHSA-9694-5xfg-m7vr.json

Lines changed: 22 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,19 +1,37 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-9694-5xfg-m7vr",
4-
"modified": "2026-05-15T12:30:31Z",
4+
"modified": "2026-05-15T12:30:37Z",
55
"published": "2026-05-15T12:30:31Z",
66
"aliases": [
77
"CVE-2026-41961"
88
],
9-
"details": "Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability.",
9+
"summary": "Improper Privilege Management in Huawei Contacts Application",
10+
"details": "### Summary\nAn improper privilege management vulnerability exists in the Contacts application module of Huawei consumer devices. Due to insufficient validation of access controls and permissions when processing specific application requests, local or remote attackers can exploit this flaw to disrupt the application's runtime processes. \n\n### Impact\nSuccessful exploitation of this vulnerability allows unauthorized entities to cause a denial-of-service (DoS) condition on the targeted contacts subsystem, leading to service degradation or complete unavailability of contact management features.\n\n### Remediation\nApply the official security updates provided by Huawei in the May 2026 security bulletin. Ensure device firmware is updated to the latest available version through system settings.",
1011
"severity": [
1112
{
1213
"type": "CVSS_V3",
13-
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Packagist",
21+
"name": "com.huawei.contacts"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
}
30+
]
31+
}
32+
]
1433
}
1534
],
16-
"affected": [],
1735
"references": [
1836
{
1937
"type": "ADVISORY",

0 commit comments

Comments
 (0)