CVE-2025-26474 PUBLISHED

communication_ipc an improper input validation vulnerability

Assigner: OpenHarmony
Reserved: 02.03.2025 Published: 16.03.2026 Updated: 16.03.2026

in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information improper input. This vulnerability can be exploited only in restricted scenarios.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS Score: 3.3

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	OpenHarmony
Product	OpenHarmony
Versions	Default: unaffected affected from v5.0.3 to v5.0.3.x (incl.)

References

https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2025/2025-09.md

Problem Types

CWE-20 Improper input validation CWE