CVE-2026-24792 is the second remote arbitrary code execution flaw disclosed in OpenHarmony v6.0 on May 19, 2026, carrying a CVSS score of 8.1. Like CVE-2026-27648, the attack vector runs through pre-installed application code, meaning exploitation does not require user installation of a malicious app. The back-to-back RCE disclosures on the same OS version and same day suggest a coordinated audit or patch cycle. Android developers targeting the Huawei ecosystem should treat both CVEs as a single incident requiring prompt review of any code interfacing with OpenHarmony system APIs. An OS-level patch from the OpenHarmony project or device OEM is required to fully remediate.