[Vulnerability Advisory] Apache Solr Hard-Coded Credentials Vulnerability (CVE-2026-44825)
Published: 2026-06-05
1. Vulnerability Overview

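Apache Solr is an open-source enterprise search platform built on Apache Lucene. It supports full-text search, distributed indexing, SolrCloud clusters, high availability, faceted search and real-time indexing, and is widely used for site search, log search, content retrieval and data analysis.
On June 5, 2026, the mansion88明升 Security Emergency Response Center (VSRC) detected a hard-coded credentials vulnerability in Apache Solr. The vulnerability is in the bin/solr auth enable authentication enablement flow: when configuring BasicAuth, the tool may silently create template users with publicly known default credentials, so a remote attacker can log in to the SolrCloud cluster with the known usernames and passwords and obtain administrator privileges. The attacker can then access index data, modify the authentication configuration, create backdoor accounts or affect service availability.
2. Affected Scope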
9.4.0 <= Apache Solr <= 9.10.1
Apache Solr = 10.0.0
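The following are not affected:
Apache Solr clusters where BasicAuth was not initialized with bin/solr auth enable
Apache Solr deployments where the default passwords of the superadmin, admin, search and index template users were changed after initialization
3. Security Measures
3.1 Upgrade
The vendor has released a patch that fixes this vulnerability.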
Apache Solr >= 9.11.0
Apache Solr >= 10.1.0
Download link:
https://solr.apache.org/downloads.html/
3.2 Temporary Measures
Delete the superadmin, admin, search and index template users from security.json, or set strong random passwords for superadmin, admin, search and index.
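One way to apply the temporary measure to a copy of security.json, as an added example that is not part of the original advisory or of Apache Solr's own tooling: it lists which of the four template users are present and returns a copy with them removed. The sample file, its role names, the ops-alice account and the placeholder hash strings are constructed; the authentication.credentials and authorization.user-role layout is assumed to follow Solr's BasicAuthPlugin and RuleBasedAuthorizationPlugin format.

```python
import copy
import json

# Template usernames named in the advisory.
TEMPLATE_USERS = ("superadmin", "admin", "search", "index")

# Constructed sample security.json; hashes are placeholders, "ops-alice" is hypothetical.
SAMPLE_SECURITY_JSON = """
{
  "authentication": {
    "class": "solr.BasicAuthPlugin",
    "credentials": {
      "superadmin": "PLACEHOLDER_HASH PLACEHOLDER_SALT",
      "admin": "PLACEHOLDER_HASH PLACEHOLDER_SALT",
      "search": "PLACEHOLDER_HASH PLACEHOLDER_SALT",
      "index": "PLACEHOLDER_HASH PLACEHOLDER_SALT",
      "ops-alice": "PLACEHOLDER_HASH PLACEHOLDER_SALT"
    }
  },
  "authorization": {
    "class": "solr.RuleBasedAuthorizationPlugin",
    "user-role": {
      "superadmin": ["superadmin"],
      "admin": ["admin"],
      "search": ["search"],
      "index": ["index"],
      "ops-alice": ["admin"]
    }
  }
}
"""

def find_template_users(security):
    """Return the template usernames that still have BasicAuth credentials."""
    creds = security.get("authentication", {}).get("credentials", {})
    return [user for user in TEMPLATE_USERS if user in creds]

def remove_template_users(security):
    """Return a copy with template users dropped from credentials and role mappings."""
    cleaned = copy.deepcopy(security)
    for section, key in (("authentication", "credentials"), ("authorization", "user-role")):
        mapping = cleaned.get(section, {}).get(key, {})
        for user in TEMPLATE_USERS:
            mapping.pop(user, None)  # absent users are ignored
    return cleaned

if __name__ == "__main__":
    doc = json.loads(SAMPLE_SECURITY_JSON)
    print("template users present:", find_template_users(doc))
    print(json.dumps(remove_template_users(doc), indent=2))
```

Confirm that at least one non-template administrator account remains before loading the cleaned file, otherwise the cluster is left without an admin login.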
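3.3 General Recommendations
Apply system patches regularly to reduce system vulnerabilities and improve server security.
Strengthen system and network access control, adjust firewall policies, close unnecessary application ports or services, and reduce the exposure of risky services (such as SSH and RDP) to the public Internet to shrink the attack surface.
Use enterprise-grade security products to improve the organization's network security capability.
Strengthen system user and permission management, enable multi-factor authentication and the principle of least privilege; user and software privileges should be kept to a minimum.
Enable a strong password policy and require periodic password changes.
3.4 References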
https://www.openwall.com/lists/oss-security/2026/05/29/6/
https://lists.apache.org/thread/5xg6xr99glocp3zsg9ht2zlbwlrst7ch
https://horizon3.ai/attack-research/vulnerabilities/cve-2026-44825/
https://nvd.nist.gov/vuln/detail/CVE-2026-44825

