{"uuid": "c0ed6fd2-78b7-4ff4-9840-86198646a891", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26171", "type": "seen", "source": "https://gist.github.com/djlan/0f707f64b79bbb09c98fcbd8ebca1883", "content": "# PR Explanation: [SECURITY] Bump System.Security.Cryptography.Xml from 8.0.2 to 8.0.3\n\nThis PR was created automatically by Dependabot to fix multiple high-severity security vulnerabilities found in the `System.Security.Cryptography.Xml` package (CVE-2026-33116, CVE-2026-26171, and others) by upgrading the version from 8.0.2 to 8.0.3.\n\n**PR link**: https://dev.azure.com/msdata/A365/_git/Synapse-NotebookService/pullrequest/2107324\n**Author**: Dependabot\n**Status**: abandoned\n**Branch**: `dependabot/nuget/src%2FServices/System.Security.Cryptography.Xml-8.0.3-3590405` \u2192 `master`\n**Change statistics**: 3 files changed\n\n## Table of Contents\n- [Change Overview](#change-overview)\n- [Impact Analysis](#impact-analysis)\n\n---\n\n## Change Overview\n\n### 1. NuGet Package Version Management (Central Package Management)\n\n**Purpose**: Declare a single version number for `System.Security.Cryptography.Xml` in the central package management file so that the entire solution uses a consistent, security-fixed version.\n\n**Files involved**:\n- [Directory.Packages.props](https://dev.azure.com/msdata/A365/_git/Synapse-NotebookService/pullrequest/2107324?path=/Directory.Packages.props&amp;_a=files): adds a centrally managed declaration of `System.Security.Cryptography.Xml` version 8.0.3\n\n**Key changes**:\n1. **New package version declaration**: Adds `System.Security.Cryptography.Xml` Version=\"8.0.3\" to the `` list so that every project referencing the package uses the fixed version. This is standard practice under Central Package Management (CPM).\n\n[\u2191 Back to Table of Contents](#table-of-contents)\n\n---\n\n### 2. Infrastructure Project Dependency Reference\n\n**Purpose**: Reference the security package explicitly in the `SynapseNotebookService.Infrastructure` project so that the fixed version is correctly resolved and used at compile time, overriding any older version that may be present among transitive dependencies.\n\n**Files involved**:\n- [src/Services/SynapseNotebookService.Infrastructure/SynapseNotebookService.Infrastructure.csproj](https://dev.azure.com/msdata/A365/_git/Synapse-NotebookService/pullrequest/2107324?path=/src/Services/SynapseNotebookService.Infrastructure/SynapseNotebookService.Infrastructure.csproj&amp;_a=files): adds a PackageReference to `System.Security.Cryptography.Xml`\n\n**Key changes**:\n1. **Explicit reference to the security package**: Adds `` (version managed centrally by Directory.Packages.props). This ensures that the project's dependency graph no longer uses the vulnerable older version. Dependabot typically adopts this strategy when it detects a vulnerability in a transitive dependency: it forces the version up through an explicit reference.\n\n[\u2191 Back to Table of Contents](#table-of-contents)\n\n---\n\n## Impact Analysis\n\n- **Scope of impact**: Affects only dependency resolution for the `SynapseNotebookService.Infrastructure` project. The upgraded package is a cryptography library for XML digital signatures, a low-level security component.\n- **User-visible impact**: No user-visible functional change. This is a pure security patch upgrade that fixes security vulnerabilities inside the library.\n- **Risks**:\n  1. **PR has been abandoned (Abandoned)**: The PR's current status is abandoned, which indicates that the team may have resolved the security issue by other means, or that the upgrade caused build/compatibility problems. It is necessary to confirm whether the vulnerabilities have been fixed in another PR.\n  2. **Transitive dependency compatibility**: An explicit reference to `System.Security.Cryptography.Xml` 8.0.3 may cause version conflicts with other NuGet packages in the project that depend on this package, especially if some packages have a hard dependency on specific behavior of 8.0.2.\n  3. **API behavior changes in a patch version upgrade**: Although 8.0.2 \u2192 8.0.3 is a patch-level upgrade that normally contains only bug fixes, security fixes sometimes tighten validation logic (such as XML signature validation), which may cause some edge cases that previously passed to be rejected. Running the full integration test suite before merging is recommended.\n  4. **Timeliness for high-severity vulnerabilities**: Two high-severity vulnerabilities, CVE-2026-33116 and CVE-2026-26171, are involved; if this PR is abandoned and the fix is not delivered by another route, there is a security compliance risk (related to S360 KPIs).\n", "creation_timestamp": "2026-06-18T00:01:22.000000Z"}