{"uuid": "4cd79843-9f9b-472e-9d6d-0a79834bad35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26171", "type": "seen", "source": "https://gist.github.com/djlan/c5f5b9f654586287f2f0a8e4376db8f2", "content": "# PR \u89e3\u91ca: [SECURITY] Bump System.Security.Cryptography.Xml from 8.0.2 to 8.0.3\n\n\u4e3a\u4fee\u590d Component Governance \u62a5\u544a\u7684\u9ad8\u5371\u5b89\u5168\u6f0f\u6d1e\uff0c\u5c06 `System.Security.Cryptography.Xml` \u4f9d\u8d56\u5347\u7ea7\u5e76\u56fa\u5b9a\u5230 8.0.3\u3002\n\n**PR \u94fe\u63a5**: https://dev.azure.com/msdata/A365/_git/Synapse-NotebookService/pullrequest/2158349\n**\u4f5c\u8005**: Dependabot\n**\u72b6\u6001**: completed\n**\u5206\u652f**: `dependabot/nuget/src%2FServices/System.Security.Cryptography.Xml-8.0.3-3634385` \u2192 `master`\n**\u53d8\u66f4\u7edf\u8ba1**: 3 files changed\n\n## \u76ee\u5f55\n- [\u53d8\u66f4\u6982\u89c8](#\u53d8\u66f4\u6982\u89c8)\n- [\u5f71\u54cd\u5206\u6790](#\u5f71\u54cd\u5206\u6790)\n\n---\n\n## \u53d8\u66f4\u6982\u89c8\n\n### 1. \u5b89\u5168\u4f9d\u8d56\u5347\u7ea7\uff08NuGet \u5305\u7248\u672c\u6cbb\u7406\uff09\n\n**\u76ee\u7684**: Component Governance \u68c0\u6d4b\u5230\u5f53\u524d\u4f9d\u8d56\u94fe\u4e2d\u7684 `System.Security.Cryptography.Xml` 8.0.2 \u5b58\u5728\u591a\u4e2a\u9ad8\u5371\u6f0f\u6d1e\uff08\u5305\u62ec CVE-2026-33116\u3001CVE-2026-26171 \u7b49\u5171 4 \u4e2a\u544a\u8b66\uff09\u3002\u8be5\u7ec4\u4ef6\u8d1f\u8d23 XML \u6570\u5b57\u7b7e\u540d\u4e0e\u52a0\u5bc6\u5904\u7406\uff0c\u5c5e\u4e8e\u5b89\u5168\u654f\u611f\u5e93\uff0c\u9700\u53ca\u65f6\u5347\u7ea7\u5230\u5b98\u65b9\u4fee\u590d\u7248\u672c 8.0.3\uff0c\u4ee5\u5173\u95ed S360 KPI\u300c1ES Open Source Vulnerabilities\u300d\u4e2d\u7684\u5f00\u6e90\u6f0f\u6d1e\u9879\u3002\n\n**\u6d89\u53ca\u6587\u4ef6**:\n- [Directory.Packages.props](https://dev.azure.com/msdata/A365/_git/Synapse-NotebookService/pullrequest/2158349?path=/Directory.Packages.props&amp;_a=files) \u2014 \u5728\u96c6\u4e2d\u5f0f\u5305\u7248\u672c\u7ba1\u7406\u6587\u4ef6\u4e2d\u65b0\u589e\u5e76\u56fa\u5b9a `System.Security.Cryptography.Xml` \u7248\u672c\u4e3a 8.0.3\n- [src/Services/SynapseNotebookService.Infrastructure/SynapseNotebookService.Infrastructure.csproj](https://dev.azure.com/msdata/A365/_git/Synapse-NotebookService/pullrequest/2158349?path=/src/Services/SynapseNotebookService.Infrastructure/SynapseNotebookService.Infrastructure.csproj&amp;_a=files) \u2014 \u5728 Infrastructure \u9879\u76ee\u4e2d\u663e\u5f0f\u6dfb\u52a0\u5bf9\u8be5\u5305\u7684 `PackageReference`\n\n**\u5173\u952e\u53d8\u66f4**:\n1. **\u96c6\u4e2d\u7248\u672c\u56fa\u5b9a\uff08Central Package Management\uff09**: \u4ed3\u5e93\u91c7\u7528 CPM \u6a21\u5f0f\uff0c\u901a\u8fc7 `Directory.Packages.props` \u7edf\u4e00\u58f0\u660e `PackageVersion`\u3002\u6b64\u5904\u65b0\u589e\u4e00\u884c\u5c06 `System.Security.Cryptography.Xml` \u9501\u5b9a\u5728 8.0.3\uff0c\u786e\u4fdd\u6240\u6709\u5f15\u7528\u8be5\u5305\u7684\u9879\u76ee\u4f7f\u7528\u540c\u4e00\u5b89\u5168\u7248\u672c\uff0c\u907f\u514d\u7248\u672c\u6f02\u79fb\u3002\n2. **\u663e\u5f0f\u5f15\u7528\u4f20\u9012\u4f9d\u8d56**: \u8be5\u5305\u539f\u672c\u53ef\u80fd\u662f\u901a\u8fc7\u5176\u5b83\u4f9d\u8d56\u95f4\u63a5\u5f15\u5165\u7684\u4f20\u9012\u4f9d\u8d56\u3002Dependabot \u5728 Infrastructure \u9879\u76ee\u4e2d\u65b0\u589e\u4e86\u663e\u5f0f `PackageReference`\uff08\u65e0\u7248\u672c\u53f7\uff0c\u7248\u672c\u7531 CPM \u7edf\u4e00\u63d0\u4f9b\uff09\uff0c\u4ece\u800c\u628a\u6613\u53d7\u653b\u51fb\u7684\u4f20\u9012\u4f9d\u8d56\u300c\u63d0\u5347\u300d\u4e3a\u53ef\u63a7\u7684\u76f4\u63a5\u4f9d\u8d56\uff0c\u5f3a\u5236\u89e3\u6790\u5230\u5df2\u4fee\u590d\u7684 8.0.3\u3002\u8fd9\u662f\u89e3\u51b3\u4f20\u9012\u4f9d\u8d56\u6f0f\u6d1e\u7684\u6807\u51c6\u505a\u6cd5\u3002\n\n[\u2191 \u8fd4\u56de\u76ee\u5f55](#\u76ee\u5f55)\n\n---\n\n## \u5f71\u54cd\u5206\u6790\n\n- **\u5f71\u54cd\u8303\u56f4**: \u4ec5\u6d89\u53ca\u4f9d\u8d56\u7248\u672c\u4e0e\u6784\u5efa\u914d\u7f6e\uff0c\u65e0\u4e1a\u52a1\u903b\u8f91\u6216\u6e90\u4ee3\u7801\u6539\u52a8\uff1b\u76f4\u63a5\u5f71\u54cd `SynapseNotebookService.Infrastructure` \u9879\u76ee\u53ca\u4f9d\u8d56\u5b83\u7684\u4e0b\u6e38\u7a0b\u5e8f\u96c6\u3002\n- **\u7528\u6237\u611f\u77e5**: \u65e0\u529f\u80fd\u5c42\u9762\u7684\u53ef\u89c1\u53d8\u5316\uff0c\u5c5e\u4e8e\u7eaf\u5b89\u5168\u7ef4\u62a4\u6027\u5347\u7ea7\uff1b\u7528\u6237\u4e0d\u4f1a\u5bdf\u89c9\u884c\u4e3a\u5dee\u5f02\u3002\n- **\u98ce\u9669\u70b9**:\n  1. **\u6f5c\u5728\u7834\u574f\u6027\u5347\u7ea7\uff08\u4f4e\uff09**: Dependabot \u7684\u81ea\u52a8\u66f4\u65b0\u53ef\u80fd\u5f15\u5165 API \u6216\u8fd0\u884c\u65f6\u884c\u4e3a\u7684\u7ec6\u5fae\u53d8\u5316\u3002\u867d\u7136 8.0.2 \u2192 8.0.3 \u4e3a\u8865\u4e01\u7248\u672c\uff0c\u5411\u540e\u517c\u5bb9\u98ce\u9669\u5f88\u4f4e\uff0c\u4f46\u56e0\u6d89\u53ca\u52a0\u5bc6/XML \u7b7e\u540d\u5e93\uff0c\u5efa\u8bae\u786e\u8ba4\u76f8\u5173\u7b7e\u540d\u3001SAML/XML \u52a0\u5bc6\u573a\u666f\u5728 PR \u9a8c\u8bc1\u6784\u5efa\u4e2d\u901a\u8fc7\u3002\n  2. **\u65b0\u589e\u76f4\u63a5\u4f9d\u8d56\u7684\u7ef4\u62a4\u6210\u672c\uff08\u4f4e\uff09**: \u5c06\u4f20\u9012\u4f9d\u8d56\u63d0\u5347\u4e3a\u663e\u5f0f\u5f15\u7528\u540e\uff0c\u540e\u7eed\u8be5\u5305\u7684\u7248\u672c\u7ef4\u62a4\u8d23\u4efb\u8f6c\u79fb\u5230\u672c\u4ed3\u5e93\uff1b\u9700\u6ce8\u610f\u672a\u6765\u5176\u5b83\u4f9d\u8d56\u82e5\u8981\u6c42\u66f4\u9ad8\u7248\u672c\u65f6\u4e0d\u4f1a\u4e0e\u6b64\u56fa\u5b9a\u7248\u672c\u51b2\u7a81\u3002\n  3. **\u6784\u5efa\u4e0e\u7b56\u7565\u963b\u585e\uff08\u4f4e\uff09**: Dependabot \u65e0\u6cd5\u5904\u7406\u4ed3\u5e93\u7279\u5b9a\u7684\u6784\u5efa\u5931\u8d25\u6216 PR \u7b56\u7565\uff1b\u9700\u4ed3\u5e93\u8d1f\u8d23\u4eba\u786e\u4fdd\u5408\u5e76\u524d CI \u4e0e\u95e8\u7981\u5168\u90e8\u901a\u8fc7\uff08PR \u72b6\u6001\u5df2\u4e3a completed\uff0c\u8868\u660e\u5df2\u5408\u5e76\uff09\u3002\n\n[\u2191 \u8fd4\u56de\u76ee\u5f55](#\u76ee\u5f55)\n", "creation_timestamp": "2026-07-14T00:12:44.144233Z"}