[Security-bulletin] 2026年03月安全公告

发布于2026.03.03 备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。 以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。 CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接 CVE-2026-22801中危6.8third_party_libpngOpenHarmony-v6.0-Release6.0.x CVE-2026-22695中危6.1third_party_libpngOpenHarmony-v6.0-Release6.0.x CVE-2025-66293高危7.1third_party_libpngOpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release6.0.x 5.1.0.x CVE-2025-65018无尚未提供third_party_libpngOpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release6.0.x 5.1.0.x CVE-2025-64720无尚未提供third_party_libpngOpenHarmony-v6.0-Release6.0.x CVE-2025-64505无尚未提供third_party_libpngOpenHarmony-v6.0-Release6.0.x CVE-2025-39902无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x CVE-2025-39756无尚未提供kernel_linux_5.10OpenHarmony-5.0.3-Release5.0.3.x CVE-2025-12726中危6.3third_party_chromiumOpenHarmony-v6.0-Release6.0.x CVE-2025-10200高危8.8third_party_chromiumOpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x CVE-2022-50266无尚未提供kernel_linux_5.10OpenHarmony-v6.0-Release OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x 以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。 对应维护版本安全补丁修改方式参考链接 6.0.xhttps://gitcode.com/openharmony/startup_init/pull/4432 5.1.0.xhttps://gitcode.com/openharmony/startup_init/pull/4434 5.0.3.xhttps://gitcode.com/openharmony/startup_init/pull/4431