[Security-bulletin] 2026年05月安全公告

7 May 2026


      发布于2026.05.07

备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。 
CVE漏洞描述漏洞影响CVSS3.1基础得分受影响的版本受影响的仓库修复链接
CVE-2026-25850filemanagement_storage_service 不正确的权限管控漏洞本地攻击者可造成敏感信息泄露5.5OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Releasefilemanagement_storage_service6.0.x 5.1.0.x
CVE-2026-27766multimedia_audio_framework 条件竞争漏洞本地攻击者可造成敏感信息泄露5.5OpenHarmony-v6.0-Releasemultimedia_audio_framework6.0.x
CVE-2026-28733filemanagement_storage_service UAF漏洞本地攻击者可造成任意代码执行6.5OpenHarmony-v5.1.0-Releasefilemanagement_storage_service5.1.0.x
CVE-2026-25781kernel_liteos_a 越界写漏洞本地攻击者可造成DOS，并无法恢复8.4OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Releasekernel_liteos_a6.0.x 5.1.0.x
CVE-2026-33565kernel_linux_common_modules 条件竞争漏洞本地攻击者可造成DOS3.3OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Releasekernel_linux_common_modules6.0.x 5.1.0.x

以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。
CVE严重程度CVSS 3.1得分受影响的仓库受影响的OpenHarmony版本修复链接
CVE-2026-25646中危6.3third_party_libpngOpenHarmony-v6.0-Release6.0.x
CVE-2026-22693中危5.3third_party_harfbuzzOpenHarmony-v6.0-Release6.0.x
CVE-2026-1757中危6.2third_party_libxml2OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2026-0992低危2.9third_party_libxml2OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2026-0990中危5.9third_party_libxml2OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2026-0989低危3.7third_party_libxml2OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-9230高危7.5third_party_opensslOpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-8194高危7.5third_party_pythonOpenHarmony-v6.0-Release6.0.x
CVE-2025-28164无尚未提供third_party_libpngOpenHarmony-v6.0-Release6.0.x
CVE-2025-28162无尚未提供third_party_libpngOpenHarmony-v6.0-Release6.0.x
CVE-2026-4675高危8.8third_party_chromiumOpenHarmony-v6.0-Release6.0.x
CVE-2026-3909高危8.8third_party_chromiumOpenHarmony-v6.0-Release6.0.x
CVE-2026-3784中危5.3third_party_curlOpenHarmony-v6.0-Release6.0.x
CVE-2026-3713中危5.3third_party_libpngOpenHarmony-v6.0-Release6.0.x
CVE-2026-3783无尚未提供third_party_curlOpenHarmony-v6.0-Release6.0.x
CVE-2026-3538高危8.8third_party_chromiumOpenHarmony-v6.0-Release6.0.x
CVE-2026-33636高危7.6third_party_libpngOpenHarmony-v6.0-Release6.0.x
CVE-2026-33416中危6.3third_party_libpngOpenHarmony-v6.0-Release6.0.x
CVE-2026-27135高危7.5third_party_nghttp2OpenHarmony-v6.0-Release6.0.x
CVE-2026-23865中危5.3third_party_freetypeOpenHarmony-v6.0-Release6.0.x
CVE-2026-22796无尚未提供third_party_opensslOpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2026-22795无尚未提供third_party_opensslOpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2026-1965中危6.5third_party_curlOpenHarmony-v6.0-Release6.0.x
CVE-2025-8732低危3.3third_party_libxml2OpenHarmony-v6.0-Release6.0.x
CVE-2025-8576无尚未提供third_party_chromiumOpenHarmony-v6.0-Release6.0.x
CVE-2025-69421无尚未提供third_party_opensslOpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-69420无尚未提供third_party_opensslOpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-69419无尚未提供third_party_opensslOpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-69418无尚未提供third_party_opensslOpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-68160无尚未提供third_party_opensslOpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-6558高危8.8third_party_chromiumOpenHarmony-v6.0-Release6.0.x
CVE-2025-6170低危2.5third_party_libxml2OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release5.1.0.x 5.0.3.x
CVE-2025-57812低危3.7third_party_cups-filtersOpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release6.0.x 5.1.0.x
CVE-2025-57812低危3.7third_party_cups-filtersOpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release6.0.x 5.1.0.x
CVE-2025-5281中危5.4third_party_chromiumOpenHarmony-v6.0-Release6.0.x
CVE-2025-5068高危8.8third_party_chromiumOpenHarmony-v5.1.0-Release5.1.0.x
CVE-2025-5064中危5.4third_party_chromiumOpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release6.0.x 5.1.0.x
CVE-2025-5063高危8.8third_party_chromiumOpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release6.0.x 5.1.0.x
CVE-2025-49794中危6.3third_party_libxml2OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release5.1.0.x 5.0.3.x
CVE-2025-4664中危4.3third_party_chromiumOpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release6.0.x 5.1.0.x
CVE-2025-3620高危8.8third_party_chromiumOpenHarmony-v5.1.0-Release5.1.0.x
CVE-2025-32414中危5.6third_party_libxml2OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release5.1.0.x 5.0.3.x
CVE-2025-15467无尚未提供third_party_opensslOpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release6.0.x 5.1.0.x 5.0.3.x
CVE-2025-14819无尚未提供third_party_curlOpenHarmony-v6.0-Release6.0.x
CVE-2025-14524无尚未提供third_party_curlOpenHarmony-v6.0-Release6.0.x
CVE-2025-0762高危8.8third_party_chromiumOpenHarmony-v5.1.0-Release5.1.0.x
CVE-2024-8636高危8.8third_party_chromiumOpenHarmony-v5.1.0-Release5.1.0.x
CVE-2024-56171高危7.8third_party_libxml2OpenHarmony-v5.0.3-Release5.0.3.x
CVE-2023-52890中危4.6third_party_ntfs-3gOpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release6.0.x 5.1.0.x

以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。
对应维护版本安全补丁修改方式参考链接
6.0.xhttps://gitcode.com/openharmony/startup_init/pull/4515
5.1.0.xhttps://gitcode.com/openharmony/startup_init/pull/4357
5.0.3.xhttps://gitcode.com/openharmony/startup_init/pull/4514

[Security-bulletin] 2026年05月安全公告

王晨