Home / Vulnerability Intelligence / CVE-2026-28536

CVE-2026-28536 - Vulnerability Analysis

CriticalCVSS: 9.6

Last Updated: March 6, 2026

Device Authentication - Authentication Bypass

Published: March 5, 2026Updated: March 6, 2026

Overview

The device authentication module contains an authentication bypass vulnerability caused by improper authentication checks, letting attackers bypass authentication, exploit requires no special conditions.

Severity & Score

Severity: Critical

CVSS Score: 9.6

EPSS Score: 1.3%(Probability of exploitation in next 30 days)

Impact

Attackers can bypass authentication, compromising system integrity and confidentiality.

Mitigation

Update to the latest version or apply vendor patches addressing authentication bypass.

References

Social Media Activity(2 posts)

TheHackerWire

@thehackerwire

Mar 5, 2026

🔴 CVE-2026-28536 - Critical (9.6) Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28536/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Offensive Sequence

@offseq

Mar 5, 2026

🚨 CRITICAL auth bypass (CVE-2026-28536) impacts Huawei HarmonyOS 6.0.0 & 5.1.0. Exploitation risks device integrity & confidentiality. No mitigation yet — monitor for updates! https://radar.offseq.com/threat/cve-2026-28536-cwe-305-authentication-bypass-by-pr-3e5ae728 #OffSeq #Huawei #Vuln #InfoSec

View original post

Related Resources

Details

CVE ID: CVE-2026-28536
Severity: Critical
CVSS Score: 9.6
Type: broken_authentication
Status: confirmed
EPSS: 1.3%
Social Posts: 2

CWE

CWE-305

CVSS Metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

1.3%Probability of exploitation in the next 30 days