[GHSA-9694-5xfg-m7vr] Permission control vulnerability in contacts. Impact:...

advisories/unreviewed/2026/05/GHSA-9694-5xfg-m7vr/GHSA-9694-5xfg-m7vr.json

@@ -1,19 +1,37 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9694-5xfg-m7vr",
-  "modified": "2026-05-15T12:30:31Z",
+  "modified": "2026-05-15T12:30:37Z",
   "published": "2026-05-15T12:30:31Z",
   "aliases": [
     "CVE-2026-41961"
   ],
-  "details": "Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability.",
+  "summary": "Improper Privilege Management in Huawei Contacts Application",
+  "details": "### Summary\nAn improper privilege management vulnerability exists in the Contacts application module of Huawei consumer devices. Due to insufficient validation of access controls and permissions when processing specific application requests, local or remote attackers can exploit this flaw to disrupt the application's runtime processes. \n\n### Impact\nSuccessful exploitation of this vulnerability allows unauthorized entities to cause a denial-of-service (DoS) condition on the targeted contacts subsystem, leading to service degradation or complete unavailability of contact management features.\n\n### Remediation\nApply the official security updates provided by Huawei in the May 2026 security bulletin. Ensure device firmware is updated to the latest available version through system settings.",
   "severity": [
     {
       "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "com.huawei.contacts"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ]
     }
   ],
-  "affected": [],
   "references": [
     {
       "type": "ADVISORY",