CNVD-2026-00136
Vulnerability from cnvd - Published: 2026-01-05
Title
Huawei HarmonyOS/EMUI Permission Control Vulnerability (CNVD-2026-0013655)
Description
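Huawei HarmonyOS is a distributed operating system developed in-house by Huawei, designed for devices across all scenarios such as phones, tablets and smart-home devices, enabling seamless cross-device collaboration. Huawei EMUI is Huawei's heavily customized Android-based mobile operating system.
Huawei HarmonyOS/EMUI contains a permission control vulnerability caused by improper permission control in window management. An attacker can exploit this vulnerability to affect availability.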
Severity
Medium
Patch Name
Patch for Huawei HarmonyOS/EMUI Permission Control Vulnerability (CNVD-2026-0013655)
Patch Description
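Huawei HarmonyOS is a distributed operating system developed in-house by Huawei, designed for devices across all scenarios such as phones, tablets and smart-home devices, enabling seamless cross-device collaboration. Huawei EMUI is Huawei's heavily customized Android-based mobile operating system.
Huawei HarmonyOS/EMUI contains an improper permission control vulnerability caused by improper permission control in window management. An attacker can exploit this vulnerability to affect availability. The vendor has released a security bulletin and related patch information that fix this vulnerability.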
Formal description
The vendor has released an update that fixes this security issue. For details, see the vendor's website: https://consumer.huawei.com/en/support/bulletin/2025/12/
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-66329
Impacted products
| Name |
|---|
| Huawei EMUI 12.0.0 |
| Huawei HarmonyOS 3.0.0 |
| Huawei HarmonyOS 2.0.0 |
| Huawei HarmonyOS 3.1.0 |
| Huawei EMUI 13.0.0 |
| Huawei HarmonyOS 4.0.0 |
| Huawei HarmonyOS 4.2.0 |
| Huawei EMUI 14.0.0 |
| Huawei HarmonyOS 4.3.0 |
| Huawei HarmonyOS 4.3.1 |
| Huawei EMUI 15.0.0 |
| Huawei EMUI 14.2.0 |
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-66329",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-66329"
}
},
"description": "Huawei HarmonyOS\u662f\u534e\u4e3a\u81ea\u4e3b\u7814\u53d1\u7684\u5206\u5e03\u5f0f\u64cd\u4f5c\u7cfb\u7edf\u200c\uff0c\u4e13\u4e3a\u624b\u673a\u3001\u5e73\u677f\u3001\u667a\u80fd\u5bb6\u5c45\u7b49\u5168\u573a\u666f\u8bbe\u5907\u8bbe\u8ba1\uff0c\u5b9e\u73b0\u8de8\u8bbe\u5907\u65e0\u7f1d\u534f\u540c\u3002\u200cHuawei EMUI\u662f\u534e\u4e3a\u57fa\u4e8e\u5b89\u5353\u7cfb\u7edf\u6df1\u5ea6\u5b9a\u5236\u7684\u624b\u673a\u64cd\u4f5c\u7cfb\u7edf\u200c\u3002\n\nHuawei HarmonyOS/EMUI\u5b58\u5728\u6743\u9650\u63a7\u5236\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8ewindow management\u6743\u9650\u63a7\u5236\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5f71\u54cd\u53ef\u7528\u6027\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51:\r\nhttps://consumer.huawei.com/en/support/bulletin/2025/12/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2026-00136",
"openTime": "2026-01-05",
"patchDescription": "Huawei HarmonyOS\u662f\u534e\u4e3a\u81ea\u4e3b\u7814\u53d1\u7684\u5206\u5e03\u5f0f\u64cd\u4f5c\u7cfb\u7edf\u200c\uff0c\u4e13\u4e3a\u624b\u673a\u3001\u5e73\u677f\u3001\u667a\u80fd\u5bb6\u5c45\u7b49\u5168\u573a\u666f\u8bbe\u5907\u8bbe\u8ba1\uff0c\u5b9e\u73b0\u8de8\u8bbe\u5907\u65e0\u7f1d\u534f\u540c\u3002\u200cHuawei EMUI\u662f\u534e\u4e3a\u57fa\u4e8e\u5b89\u5353\u7cfb\u7edf\u6df1\u5ea6\u5b9a\u5236\u7684\u624b\u673a\u64cd\u4f5c\u7cfb\u7edf\u200c\u3002\r\n\r\nHuawei HarmonyOS/EMUI\u5b58\u5728\u6743\u9650\u63a7\u5236\u4e0d\u5f53\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8ewindow management\u6743\u9650\u63a7\u5236\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5f71\u54cd\u53ef\u7528\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Huawei HarmonyOS/EMUI\u6743\u9650\u63a7\u5236\u6f0f\u6d1e\uff08CNVD-2026-0013655\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Huawei EMUI 12.0.0",
"Huawei HarmonyOS 3.0.0",
"Huawei HarmonyOS 2.0.0",
"Huawei HarmonyOS 3.1.0",
"Huawei EMUI 13.0.0",
"Huawei HarmonyOS 4.0.0",
"Huawei HarmonyOS 4.2.0",
"Huawei EMUI 14.0.0",
"Huawei HarmonyOS 4.3.0",
"Huawei HarmonyOS 4.3.1",
"Huawei EMUI 15.0.0",
"Huawei EMUI 14.2.0"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-66329",
"serverity": "\u4e2d",
"submitTime": "2025-12-10",
"title": "Huawei HarmonyOS/EMUI\u6743\u9650\u63a7\u5236\u6f0f\u6d1e\uff08CNVD-2026-0013655\uff09"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.