Primary

Context

OpenHarmony Out-of-Bounds Write Vulnerability in arkcompiler_ets_runtime Allowing Arbitrary Code Execution

Vulnerability

Patched

A vulnerability in the arkcompiler_ets_runtime component of OpenHarmony has been identified, allowing local attackers to execute arbitrary code in pre-installed applications. This issue arises from an out-of-bounds write and is present in OpenHarmony versions through 5.1.0. The vulnerability can only be exploited in restricted scenarios.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution in the context of the affected application.

Remediation

Users can apply the available patches in the OpenHarmony-5.1.0-Release and OpenHarmony-5.0.3-Release branches. Instructions for applying these patches can be found in the respective pull requests linked in the CVE details.

Added: Mar 16, 2026, 2:45 PM

Updated: Mar 16, 2026, 2:45 PM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

7.5

exploitability

2.7

remediation

7.7

relevance

4.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

7.5

exploitability

2.7

remediation

7.7

relevance

4.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenHarmony Out-of-Bounds Write Vulnerability in arkcompiler_ets_runtime Allowing Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

OpenHarmony

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating