in OpenHarmony v6.0 and prior versions allow a local attacker to cause a DoS.
CVSS Details
CVSS Score: 3.3
Severity: LOW
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Configurations (Affected Products)
No configuration data available.
OpenHarmony <= v6.0
PoC / Exploit Code
⚠ For Security Research Only
The following code is for security research and authorized testing only.
```c
/*
 * PoC for CVE-2026-33565 (OpenHarmony Local DoS)
 * Description: This code simulates triggering the vulnerability
 * by sending a malformed request to a vulnerable system service.
 * Compilation: gcc -o poc_exploit poc_exploit.c
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

// Simulated vulnerable function call
void trigger_vulnerability(const char *input) {
    // In a real scenario, this function belongs to the system service
    // and lacks proper NULL checks or length validation.
    if (input == NULL) {
        // This logic path might not be hit if the input is crafted differently
        return;
    }

    // Simulating the crash condition (e.g., buffer overflow or null dereference)
    // This is a placeholder for the actual exploit logic.
    printf("[*] Sending payload to service...\n");

    // Hypothetical system call that causes the crash
    // memcpy((void *)0x0, input, strlen(input)); // Simulated Segfault

    // Actual exploit would involve specific IOCTLs or API calls
    // identified in the technical analysis.
}

int main(void) {
    printf("[*] CVE-2026-33565 PoC Start\n");
    printf("[*] Targeting OpenHarmony <= v6.0\n");

    // Craft malicious payload (string literal, so it is held through a const pointer)
    const char *malicious_payload = "CRASH_PAYLOAD";

    // Attempt to trigger the vulnerability
    trigger_vulnerability(malicious_payload);

    printf("[*] Exploit executed. If successful, system should hang or reboot.\n");
    return 0;
}
```