CVE-2026-33565 Overview
CVE-2026-33565 is a denial of service vulnerability affecting OpenHarmony v6.0 and prior versions. The flaw allows a local authenticated attacker to trigger a denial of service condition on the affected device. The vulnerability is categorized under [CWE-364] (Signal Handler Race Condition), indicating that the root cause involves improper handling of concurrent signal events. Exploitation requires local access with low privileges and no user interaction, but the impact is limited to availability. According to the published EPSS data, the probability of exploitation in the wild remains very low.
Critical Impact
A local attacker with low privileges can cause a denial of service on OpenHarmony v6.0 and prior versions by exploiting a signal handler race condition.
Affected Products
- OpenHarmony v6.0
- OpenHarmony versions prior to v6.0
Discovery Timeline
- 2026-05-19 - CVE-2026-33565 published to NVD
- 2026-05-19 - Last updated in NVD database
Technical Details for CVE-2026-33565
Vulnerability Analysis
The vulnerability resides in OpenHarmony v6.0 and earlier versions. It is classified under [CWE-364] Signal Handler Race Condition. Signal handler race conditions occur when a process receives a signal while executing non-reentrant code, causing inconsistent program state. An attacker who can deliver signals or trigger the affected code path locally can force the OpenHarmony component into an unstable state. The published advisory characterizes the outcome as a denial of service, with no impact on confidentiality or integrity.
Root Cause
The root cause is improper synchronization between a signal handler and the main execution context within an OpenHarmony component. When concurrent signal events interrupt non-reentrant operations, shared state becomes corrupted. This corruption leads to abnormal process termination or an unrecoverable error condition. Refer to the OpenHarmony Security Disclosure 2026 for component-level technical details.
Attack Vector
Exploitation requires local access to the device and low-privilege authentication. No user interaction is needed. An attacker invokes the vulnerable code path and triggers signal delivery in a manner that races the handler against the main thread. Successful exploitation forces the targeted process or service into a denial of service state. Because the attack vector is local and impact is limited to availability, the practical risk is constrained to scenarios where untrusted code already runs on the device.
Detection Methods for CVE-2026-33565
Indicators of Compromise
- Unexpected crashes or restarts of OpenHarmony system services on devices running v6.0 or earlier.
- Abnormal signal delivery patterns directed at long-running OpenHarmony processes.
- Repeated process termination events correlated with a single local user session.
Detection Strategies
- Monitor OpenHarmony device logs for repeated service restarts and abnormal process termination events.
- Audit local applications and components that issue signals to system processes, looking for anomalous timing or frequency.
- Track installed application behavior on OpenHarmony devices and flag processes that trigger unexpected crash dumps.
Monitoring Recommendations
- Enable verbose kernel and userspace crash logging on OpenHarmony devices to capture signal-related fault context.
- Aggregate device telemetry centrally and alert on clusters of denial of service events tied to specific applications.
- Review application install events for low-privilege apps that interact with affected system components.
How to Mitigate CVE-2026-33565
Immediate Actions Required
- Identify all OpenHarmony devices running v6.0 or earlier in the environment.
- Apply the security update referenced in the OpenHarmony May 2026 security disclosure as soon as it is available for the device platform.
- Restrict installation of untrusted local applications on affected devices until patches are deployed.
Patch Information
OpenHarmony has published advisory details in the OpenHarmony Security Disclosure 2026. Device vendors and downstream integrators should pull the corresponding upstream fixes and ship updated firmware to deployed devices. Verify the installed version after patching to confirm remediation.
Workarounds
- Limit local access to OpenHarmony devices to trusted users and provisioned applications only.
- Disable or remove untrusted third-party applications that can send signals to affected system components.
- Apply application sandboxing and least-privilege policies to reduce the attack surface available to local actors.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

