Security Bulletins for HUAWEI Phones/Tablets, February 2026

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following HUAWEI patches:

CVE	Vulnerability Description	Impact	Severity	Affected Version
CVE-2026-24925	Heap-based buffer overflow vulnerability in the image module	Successful exploitation of this vulnerability may affect availability.	High	HarmonyOS6.0.0, HarmonyOS5.1.0
CVE-2026-24926	Out-of-bounds write vulnerability in the camera module	Successful exploitation of this vulnerability may affect availability.	High	HarmonyOS6.0.0
CVE-2026-24914	Type confusion vulnerability in the camera module	Successful exploitation of this vulnerability may affect availability.	Medium	HarmonyOS6.0.0
CVE-2026-24915	Out-of-bounds read issue in the media subsystem	Successful exploitation of this vulnerability will affect availability and confidentiality.	Medium	HarmonyOS6.0.0, HarmonyOS5.1.0
CVE-2026-24916	Identity authentication bypass vulnerability in the window module	Successful exploitation of this vulnerability may affect service confidentiality.	Medium	HarmonyOS6.0.0
CVE-2026-24917	UAF vulnerability in the security module	Successful exploitation of this vulnerability may affect availability.	Medium	HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2026-24918	Address read vulnerability in the communication module	Successful exploitation of this vulnerability may affect availability.	Medium	HarmonyOS6.0.0, HarmonyOS5.1.0, HarmonyOS4.3.1, EMUI 15.0.0
CVE-2026-24919	Out-of-bounds write vulnerability in the DFX module	Successful exploitation of this vulnerability may affect availability.	Medium	HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0
CVE-2026-24920	Permission control vulnerability in the AMS module	Successful exploitation of this vulnerability may affect availability.	Medium	HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, EMUI 15.0.0, EMUI 14.2.0
CVE-2026-24921	Address read vulnerability in the HDC module	Successful exploitation of this vulnerability will affect availability and confidentiality.	Medium	HarmonyOS6.0.0
CVE-2026-24922	Buffer overflow vulnerability in the HDC module	Successful exploitation of this vulnerability may affect availability.	Medium	HarmonyOS6.0.0
CVE-2026-24923	Permission control vulnerability in the HDC module	Successful exploitation of this vulnerability may affect service confidentiality.	Medium	HarmonyOS6.0.0
CVE-2026-24924	Vulnerability of improper permission control in the print module	Successful exploitation of this vulnerability may affect service confidentiality.	Medium	HarmonyOS6.0.0
CVE-2026-24927	Out-of-bounds access vulnerability in the frequency modulation module	Successful exploitation of this vulnerability may affect availability.	Medium	HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0
CVE-2026-24928	Out-of-bounds write vulnerability in the file system module	Successful exploitation of this vulnerability may affect service confidentiality.	Medium	HarmonyOS4.2.0, EMUI 14.2.0
CVE-2026-24929	Out-of-bounds read vulnerability in the graphics module	Successful exploitation of this vulnerability may affect availability.	Medium	HarmonyOS6.0.0
CVE-2026-24930	UAF concurrency vulnerability in the graphics module	Successful exploitation of this vulnerability may affect availability.	Medium	HarmonyOS6.0.0, HarmonyOS5.1.0
CVE-2026-24931	Vulnerability of improper criterion security check in the card module	Successful exploitation of this vulnerability may affect service confidentiality.	Medium	HarmonyOS6.0.0, HarmonyOS5.1.0

This security update includes the following third-party library patches:

CVE	Severity	Affected Version
CVE-2025-22420	High	HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2025-32328	High	HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2025-32329	High	HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2025-48572	High	HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2025-48576	High	HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2025-48590	High	HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2025-48627	High	HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2024-49726	High	HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2025-32332	High	HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0
CVE-2025-48537	High	HarmonyOS4.3.1, HarmonyOS4.3.0, HarmonyOS4.2.0, HarmonyOS4.0.0, HarmonyOS3.1.0, HarmonyOS3.0.0, HarmonyOS2.0.0, EMUI 15.0.0, EMUI 14.2.0, EMUI 14.0.0, EMUI 13.0.0, EMUI 12.0.0
CVE-2025-39683	High	HarmonyOS6.0.0, HarmonyOS5.1.0
CVE-2025-12736	Medium	HarmonyOS5.1.0
CVE-2025-38732	Medium	HarmonyOS6.0.0, HarmonyOS5.1.0
CVE-2023-53450	Medium	HarmonyOS6.0.0, HarmonyOS5.1.0
CVE-2025-40173	Medium	HarmonyOS6.0.0, HarmonyOS5.1.0

Updated on: 2026-02-05

HUAWEI support

Security Bulletins for HUAWEI Phones/Tablets, February 2026