[Vulnerability Advisory] Apache Solr Hard-Coded Credentials Vulnerability (CVE-2026-44825)

Published: 2026-06-05

1. Vulnerability Overview




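Apache Solr is an open-source enterprise search platform built on Apache Lucene. It supports full-text search, distributed indexing, SolrCloud clusters, high availability, faceted search and real-time indexing, and is widely used for site search, log search, content retrieval and data analysis.

On June 5, 2026, the mansion88明升 Security Emergency Response Center (VSRC) detected a hard-coded credentials vulnerability in Apache Solr. The vulnerability is in the bin/solr auth enable authentication enablement flow: when configuring BasicAuth, the tool may silently create template users with publicly known default credentials, so a remote attacker can log in to the SolrCloud cluster with a known username and password and obtain administrator privileges. The attacker can then access index data, modify the authentication configuration, create backdoor accounts or affect service availability.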



2. Affected Scope



9.4.0 <= Apache Solr <= 9.10.1

Apache Solr = 10.0.0

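The following are not affected:

Apache Solr clusters whose BasicAuth was not initialized with bin/solr auth enable

Apache Solr deployments where the default passwords of the superadmin, admin, search and index template users were changed after initialization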



3. Security Measures



3.1 Upgrade


The vendor has released a patch that fixes this vulnerability.

Apache Solr >= 9.11.0

Apache Solr >= 10.1.0

Download link:

https://solr.apache.org/downloads.html/


3.2 Temporary Mitigation


Remove the superadmin, admin, search and index template users from security.json, or set strong random passwords for superadmin, admin, search and index.
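The check and the removal step described above can be scripted against an exported copy of security.json. The following is an added example, not code from the advisory or from the Solr project; the sample document, the ops-alice user and the role names are constructed, and the credential strings are placeholders.

```python
import copy
import json

# Template user names listed in the advisory.
TEMPLATE_USERS = ("superadmin", "admin", "search", "index")

# Constructed sample security.json; credential strings are placeholders.
SAMPLE = {
    "authentication": {
        "class": "solr.BasicAuthPlugin",
        "credentials": {u: "<hash> <salt>" for u in TEMPLATE_USERS + ("ops-alice",)},
    },
    "authorization": {
        "class": "solr.RuleBasedAuthorizationPlugin",
        "user-role": {"superadmin": ["superadmin"], "admin": "admin",
                      "search": ["search"], "index": ["index"],
                      "ops-alice": ["admin"]},
    },
}


def find_template_users(sec):
    """Return {user: [roles]} for template users that still have credentials."""
    creds = sec.get("authentication", {}).get("credentials", {})
    roles = sec.get("authorization", {}).get("user-role", {})
    found = {}
    for user in TEMPLATE_USERS:
        if user in creds:
            r = roles.get(user, [])  # Solr accepts a single role or a list
            found[user] = [r] if isinstance(r, str) else list(r)
    return found


def remove_template_users(sec):
    """Return a copy with template users dropped from credentials and user-role."""
    out = copy.deepcopy(sec)
    creds = out.get("authentication", {}).get("credentials", {})
    roles = out.get("authorization", {}).get("user-role", {})
    for user in TEMPLATE_USERS:
        creds.pop(user, None)
        roles.pop(user, None)
    if not creds:
        # Refuse to produce a file that would leave nobody able to log in.
        raise ValueError("no users would remain; add a replacement admin first")
    return out


if __name__ == "__main__":
    print("template users present:", json.dumps(find_template_users(SAMPLE)))
    print(json.dumps(remove_template_users(SAMPLE), indent=2))
```

The script only reports and removes accounts by name; it cannot tell whether a template user's password was already changed, so a reported user that must be kept needs a new strong random password instead.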


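3.3 General Recommendations


Apply system patches regularly to reduce system vulnerabilities and improve server security.

Strengthen system and network access control, adjust firewall policies, close unnecessary application ports or services, and reduce the exposure of risky services (such as SSH and RDP) to the public internet to shrink the attack surface.

Use enterprise-grade security products to improve the organization's network security capabilities.

Strengthen system user and permission management, enable multi-factor authentication and the principle of least privilege; user and software permissions should be kept to the minimum.

Enable a strong password policy and require periodic password changes.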


3.4 References


https://www.openwall.com/lists/oss-security/2026/05/29/6/

https://lists.apache.org/thread/5xg6xr99glocp3zsg9ht2zlbwlrst7ch

https://horizon3.ai/attack-research/vulnerabilities/cve-2026-44825/

https://nvd.nist.gov/vuln/detail/CVE-2026-44825