OpenHarmony v6.0 Pre-installed Apps Carry Two Remote Code Execution CVEs

  • Shipped
  • Action required
  • High importance

Two high-severity RCE vulnerabilities affecting OpenHarmony v6.0's pre-installed application layer were published on May 19. CVE-2026-27648 carries a CVSS score of 8.8 and CVE-2026-24792 scores 8.1; both allow remote attackers to execute arbitrary code without requiring local access. A third related flaw, CVE-2026-25781 (CVSS 8.4), enables a local denial-of-service condition that causes unrecoverable system failure. OpenHarmony is Huawei's open-source embedded and IoT operating system deployed across a range of consumer and industrial devices. Attackers exploiting these issues could take full control of affected devices remotely. Teams using OpenHarmony v6.0 in products or CI environments should monitor the OpenHarmony security advisories channel for patches and assess exposure of pre-installed app surfaces.