发布于2026.05.07

备注：OpenHarmony 5.0阶段各分支中当前主要对OpenHarmony-5.0.3-Release分支进行安全漏洞维护。

CVE	漏洞描述	漏洞影响	CVSS3.1基础得分	受影响的版本	受影响的仓库	修复链接
CVE-2026-25850	filemanagement_storage_service 不正确的权限管控漏洞	本地攻击者可造成敏感信息泄露	5.5	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release	filemanagement_storage_service	6.0.x 5.1.0.x
CVE-2026-27766	multimedia_audio_framework 条件竞争漏洞	本地攻击者可造成敏感信息泄露	5.5	OpenHarmony-v6.0-Release	multimedia_audio_framework	6.0.x
CVE-2026-28733	filemanagement_storage_service UAF漏洞	本地攻击者可造成任意代码执行	6.5	OpenHarmony-v5.1.0-Release	filemanagement_storage_service	5.1.0.x
CVE-2026-25781	kernel_liteos_a 越界写漏洞	本地攻击者可造成DOS，并无法恢复	8.4	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release	kernel_liteos_a	6.0.x 5.1.0.x
CVE-2026-33565	kernel_linux_common_modules 条件竞争漏洞	本地攻击者可造成DOS	3.3	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release	kernel_linux_common_modules	6.0.x 5.1.0.x

以下为三方库漏洞，只提供CVE、严重程度、受影响的OpenHarmony版本，详细信息请参考三方公告。

CVE	严重程度	CVSS 3.1得分	受影响的仓库	受影响的OpenHarmony版本	修复链接
CVE-2026-25646	中危	6.3	third_party_libpng	OpenHarmony-v6.0-Release	6.0.x
CVE-2026-22693	中危	5.3	third_party_harfbuzz	OpenHarmony-v6.0-Release	6.0.x
CVE-2026-1757	中危	6.2	third_party_libxml2	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release	6.0.x 5.1.0.x 5.0.3.x
CVE-2026-0992	低危	2.9	third_party_libxml2	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release	6.0.x 5.1.0.x 5.0.3.x
CVE-2026-0990	中危	5.9	third_party_libxml2	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release	6.0.x 5.1.0.x 5.0.3.x
CVE-2026-0989	低危	3.7	third_party_libxml2	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release	6.0.x 5.1.0.x 5.0.3.x
CVE-2025-9230	高危	7.5	third_party_openssl	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release	6.0.x 5.1.0.x 5.0.3.x
CVE-2025-8194	高危	7.5	third_party_python	OpenHarmony-v6.0-Release	6.0.x
CVE-2025-28164	无	尚未提供	third_party_libpng	OpenHarmony-v6.0-Release	6.0.x
CVE-2025-28162	无	尚未提供	third_party_libpng	OpenHarmony-v6.0-Release	6.0.x
CVE-2026-4675	高危	8.8	third_party_chromium	OpenHarmony-v6.0-Release	6.0.x
CVE-2026-3909	高危	8.8	third_party_chromium	OpenHarmony-v6.0-Release	6.0.x
CVE-2026-3784	中危	5.3	third_party_curl	OpenHarmony-v6.0-Release	6.0.x
CVE-2026-3713	中危	5.3	third_party_libpng	OpenHarmony-v6.0-Release	6.0.x
CVE-2026-3783	无	尚未提供	third_party_curl	OpenHarmony-v6.0-Release	6.0.x
CVE-2026-3538	高危	8.8	third_party_chromium	OpenHarmony-v6.0-Release	6.0.x
CVE-2026-33636	高危	7.6	third_party_libpng	OpenHarmony-v6.0-Release	6.0.x
CVE-2026-33416	中危	6.3	third_party_libpng	OpenHarmony-v6.0-Release	6.0.x
CVE-2026-27135	高危	7.5	third_party_nghttp2	OpenHarmony-v6.0-Release	6.0.x
CVE-2026-23865	中危	5.3	third_party_freetype	OpenHarmony-v6.0-Release	6.0.x
CVE-2026-22796	无	尚未提供	third_party_openssl	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release	6.0.x 5.1.0.x 5.0.3.x
CVE-2026-22795	无	尚未提供	third_party_openssl	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release	6.0.x 5.1.0.x 5.0.3.x
CVE-2026-1965	中危	6.5	third_party_curl	OpenHarmony-v6.0-Release	6.0.x
CVE-2025-8732	低危	3.3	third_party_libxml2	OpenHarmony-v6.0-Release	6.0.x
CVE-2025-8576	无	尚未提供	third_party_chromium	OpenHarmony-v6.0-Release	6.0.x
CVE-2025-69421	无	尚未提供	third_party_openssl	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release	6.0.x 5.1.0.x 5.0.3.x
CVE-2025-69420	无	尚未提供	third_party_openssl	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release	6.0.x 5.1.0.x 5.0.3.x
CVE-2025-69419	无	尚未提供	third_party_openssl	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release	6.0.x 5.1.0.x 5.0.3.x
CVE-2025-69418	无	尚未提供	third_party_openssl	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release	6.0.x 5.1.0.x 5.0.3.x
CVE-2025-68160	无	尚未提供	third_party_openssl	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release	6.0.x 5.1.0.x 5.0.3.x
CVE-2025-6558	高危	8.8	third_party_chromium	OpenHarmony-v6.0-Release	6.0.x
CVE-2025-6170	低危	2.5	third_party_libxml2	OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release	5.1.0.x 5.0.3.x
CVE-2025-57812	低危	3.7	third_party_cups-filters	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release	6.0.x 5.1.0.x
CVE-2025-57812	低危	3.7	third_party_cups-filters	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release	6.0.x 5.1.0.x
CVE-2025-5281	中危	5.4	third_party_chromium	OpenHarmony-v6.0-Release	6.0.x
CVE-2025-5068	高危	8.8	third_party_chromium	OpenHarmony-v5.1.0-Release	5.1.0.x
CVE-2025-5064	中危	5.4	third_party_chromium	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release	6.0.x 5.1.0.x
CVE-2025-5063	高危	8.8	third_party_chromium	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release	6.0.x 5.1.0.x
CVE-2025-49794	中危	6.3	third_party_libxml2	OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release	5.1.0.x 5.0.3.x
CVE-2025-4664	中危	4.3	third_party_chromium	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release	6.0.x 5.1.0.x
CVE-2025-3620	高危	8.8	third_party_chromium	OpenHarmony-v5.1.0-Release	5.1.0.x
CVE-2025-32414	中危	5.6	third_party_libxml2	OpenHarmony-v5.1.0-Release OpenHarmony-v5.0.3-Release	5.1.0.x 5.0.3.x
CVE-2025-15467	无	尚未提供	third_party_openssl	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release OpenHarmony-v5.0.3-Release	6.0.x 5.1.0.x 5.0.3.x
CVE-2025-14819	无	尚未提供	third_party_curl	OpenHarmony-v6.0-Release	6.0.x
CVE-2025-14524	无	尚未提供	third_party_curl	OpenHarmony-v6.0-Release	6.0.x
CVE-2025-0762	高危	8.8	third_party_chromium	OpenHarmony-v5.1.0-Release	5.1.0.x
CVE-2024-8636	高危	8.8	third_party_chromium	OpenHarmony-v5.1.0-Release	5.1.0.x
CVE-2024-56171	高危	7.8	third_party_libxml2	OpenHarmony-v5.0.3-Release	5.0.3.x
CVE-2023-52890	中危	4.6	third_party_ntfs-3g	OpenHarmony-v5.1.0-Release OpenHarmony-v6.0-Release	6.0.x 5.1.0.x

以下是各维护版本的安全补丁标签，请在合入当月及之前全部对应安全补丁之后，更新安全补丁标签。

对应维护版本	安全补丁修改方式参考链接
6.0.x	https://gitcode.com/openharmony/startup_init/pull/4515
5.1.0.x	https://gitcode.com/openharmony/startup_init/pull/4357
5.0.3.x	https://gitcode.com/openharmony/startup_init/pull/4514