¡¾Â©¶´Í¨¸æ¡¿Apache CXF JMSÔ¶³Ì´úÂëÖ´ÐЩ¶´(CVE-2026-44417)

·¢²¼Ê±¼ä 2026-05-26
Ò»¡¢Â©¶´¸ÅÊö


©¶´¸ÅÊö0526 2.png


Apache CXFÊÇÒ»¿î¹ã·ºÊ¹ÓõĿªÔ´Web Services¿ª·¢¿ò¼Ü£¬Ö§³ÖSOAP¡¢REST¡¢JAX-WS¡¢JAX-RS¼°JMSµÈ¶àÖÖͨÐÅЭÒ飬³£ÓÃÓÚ¹¹½¨ÆóÒµ¼¶SOA·þÎñ¡¢Î¢·þÎñ¼°·Ö²¼Ê½¼¯³Éƽ̨¡£Æä¾ß±¸Á¼ºÃµÄÀ©Õ¹ÐÔÓëЭÒ鼿ÈÝÄÜÁ¦£¬±»¹ã·ºÓ¦ÓÃÓÚ½ðÈÚ¡¢ÕþÎñ¡¢ÔËÓªÉ̼°ÆóÒµ¼¯³É³¡¾°¡£


2026Äê5ÔÂ26ÈÕ£¬mansion88Ã÷Éý°²È«Ó¦¼±ÏìÓ¦ÖÐÐÄ£¨VSRC£©¼à²âµ½Apache CXF JMSÔ¶³Ì´úÂëÖ´ÐЩ¶´¡£ÊôÓÚ´ËǰCVE-2025-48913ÐÞ¸´²»ÍêÕûµ¼Öµİ²È«ÎÊÌâ¡£ÓÉÓÚApache CXFÔÚ´¦ÀíJMSÅäÖÃʱÈÔ´æÔÚδÍêÈ«¸²¸ÇµÄΣÏÕ´úÂë·¾¶£¬¹¥»÷ÕßÔھ߱¸JMSÅäÖÃȨÏÞ»ò¿É×¢Èë²»¿ÉÐÅJMSÅäÖõÄÇé¿öÏ£¬¿ÉÀûÓøÃ©¶´´¥·¢ÈÎÒâ´úÂëÖ´ÐУ¬½ø¶ø¿ØÖÆÓ¦Ó÷þÎñ¡¢ÇÔÈ¡Ãô¸ÐÊý¾Ý»òºáÏòÉøÍ¸ÄÚ²¿ÏµÍ³¡£¸ÃÎÊÌâÖ÷ÒªÓ°ÏìÆôÓÃJMS´«Ê书ÄܵÄCXF·þÎñ»·¾³£¬¿ÉÄܵ¼ÖÂÒµÎñÖжϡ¢Êý¾Ýй¶¼°ºÏ¹æ·çÏÕ£¬¶ÔÆóÒµSOA¼Ü¹¹¼°»ùÓÚWeb ServicesµÄÒµÎñϵͳ°²È«Ôì³ÉÓ°Ïì¡£



¶þ¡¢Ó°Ï췶Χ



4.0.0 <= Apache CXF(org.apache.cxf:cxf-rt-transports-jms) < 4.1.6

4.2.0 <= Apache CXF(org.apache.cxf:cxf-rt-transports-jms) < 4.2.1

Apache CXF(org.apache.cxf:cxf-rt-transports-jms) < 3.6.11



Èý¡¢°²È«´ëÊ©



3.1 Éý¼¶°æ±¾


¹Ù·½ÒÑ·¢²¼ÐÞ¸´²¹¶¡£¬ÒÔÐÞ¸´¸Ã©¶´¡£

Apache CXF(org.apache.cxf:cxf-rt-transports-jms) >= 3.6.11

Apache CXF(org.apache.cxf:cxf-rt-transports-jms) >= 4.1.6

Apache CXF(org.apache.cxf:cxf-rt-transports-jms) >= 4.2.1

ÏÂÔØÁ´½Ó£º

https://cxf.apache.org/download.html/


3.2 ÁÙʱ´ëÊ©

ÔÝÎÞ¡£


3.3 ͨÓý¨Òé

¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¬¼õÉÙϵͳ©¶´£¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£


¼ÓǿϵͳºÍÍøÂçµÄ·ÃÎÊ¿ØÖÆ£¬Ð޸ķÀ»ðǽ²ßÂÔ£¬¹Ø±Õ·Ç±ØÒªµÄÓ¦Óö˿ڻò·þÎñ£¬¼õÉÙ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©±©Â¶µ½¹«Íø£¬¼õÉÙ¹¥»÷Ãæ¡£

ʹÓÃÆóÒµ¼¶°²È«²úÆ·£¬ÌáÉýÆóÒµµÄÍøÂ簲ȫÐÔÄÜ¡£


¼ÓǿϵͳÓû§ºÍȨÏÞ¹ÜÀí£¬ÆôÓöàÒòËØÈÏÖ¤»úÖÆºÍ×îСȨÏÞÔ­Ôò£¬Óû§ºÍÈí¼þȨÏÞÓ¦±£³ÖÔÚ×îµÍÏÞ¶È¡£

ÆôÓÃÇ¿ÃÜÂë²ßÂÔ²¢ÉèÖÃΪ¶¨ÆÚÐ޸ġ£


3.4 ²Î¿¼Á´½Ó

https://lists.apache.org/thread/bqg6gjy2cx7rfyqjxcpv3jwjvmclvz4o/

https://nvd.nist.gov/vuln/detail/CVE-2026-44417