发布于2026.06.02

备注:OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。

CVE漏洞描述漏洞影响CVSS3.1基础得分受影响的版本受影响的仓库修复链接
CVE-2026-28206update_sys_installer条件竞争漏洞本地攻击者可造成任意代码执行5.5OpenHarmony-v6.0-Releaseupdate_sys_installer6.0.x
CVE-2026-32668update_sys_installer UAF漏洞本地攻击者可造成任意代码执行5.5OpenHarmony-v6.0-Releaseupdate_sys_installer6.0.x

以下为三方库漏洞,只提供CVE、严重程度、受影响的OpenHarmony版本,详细信息请参考三方公告。

CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接
CVE-2026-6314高危8.3third_party_chromiumOpenHarmony-v6.0-Release6.0.x
CVE-2026-6298中危4.3third_party_chromiumOpenHarmony-v6.0-Release6.0.x
CVE-2026-31790尚未提供third_party_opensslOpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release6.0.x 5.1.0.x
CVE-2026-31789尚未提供third_party_opensslOpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release6.0.x 5.1.0.x
CVE-2026-28390尚未提供third_party_opensslOpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release6.0.x 5.1.0.x
CVE-2026-28389尚未提供third_party_opensslOpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release6.0.x 5.1.0.x
CVE-2026-28388尚未提供third_party_opensslOpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release6.0.x 5.1.0.x
CVE-2026-28387尚未提供third_party_opensslOpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release6.0.x 5.1.0.x
CVE-2025-57052致命9.8third_party_cJSONOpenHarmony-v5.0.3-Release OpenHarmony-v5.1.0-Release5.1.0.x 5.0.3.x
CVE-2025-27363高危8.1third_party_freetypeOpenHarmony-v5.0.3-Release OpenHarmony-v5.1.0-Release5.1.0.x 5.0.3.x

以下是各维护版本的安全补丁标签,请在合入当月及之前全部对应安全补丁之后,更新安全补丁标签。

对应维护版本安全补丁修改方式参考链接
6.0.xhttps://gitcode.com/openharmony/startup_init/pull/4603
5.1.0.xhttps://gitcode.com/openharmony/startup_init/pull/4600
5.0.3.xhttps://gitcode.com/openharmony/startup_init/pull/4602