Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.5
Email Application Fails to Verify Sender Identity
CVE-2026-28548
Summary
An email application doesn't properly check the sender of emails, which could allow an attacker to send emails that appear to come from a trusted source, potentially leading to sensitive information being compromised. This is a security risk because it could allow unauthorized access to confidential information. To protect against this, update the email application to the latest version or use a secure email service that verifies sender identities.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| huawei | emui | 12.0.0 | – |
| huawei | emui | 13.0.0 | – |
| huawei | emui | 14.0.0 | – |
| huawei | emui | 14.2.0 | – |
| huawei | harmonyos | 2.0.0 | – |
| huawei | harmonyos | 3.1.0 | – |
| huawei | harmonyos | 4.0.0 | – |
| huawei | harmonyos | 4.2.0 | – |
Original title
Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Original description
Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
nvd CVSS3.1
5.5
Vulnerability type
CWE-269
Improper Privilege Management
- https://consumer.huawei.com/en/support/bulletin/2026/3/ Vendor Advisory
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026