¡¾·ì϶¹«¸æ¡¿Apache Airflow DAG ·´ÐòÁл¯Ô¶³Ì´úÂëÖ´Ðзì϶(CVE-2026-33264)
°ä²¼¹¦·ò 2026-07-08Ò»¡¢·ì϶¸ÅÊö

Apache AirflowÊÇÓÉApacheÈí¼þ»ù½ð»áÊØ»¤µÄ¿ªÔ´¹¤×÷Á÷±àÅÅÓ빤×÷µ÷¶Èƽ̨£¬¿í·ºÀûÓÃÓÚÊý¾Ý¹¤³Ì¡¢Êý¾Ý·ÖÎö¡¢»úе½ø½¨ºÍ×Ô¶¯»¯¹¤×÷ÖÎÀí³¡¾°¡£Airflowͨ¹ýDAG£¨Directed Acyclic Graph£¬ÓÐÏòÎÞ»·Í¼£©½ç˵¹¤×÷Á÷³Ì£¬Ö§³Ö¹¤×÷µ÷¶È¡¢ÒÀÀµÖÎÀí¡¢Ö´ÐÐ¼à¿Ø¼°À©´ó²å¼þ»úÔ죬¿ÉÓë¶àÖÖÊý¾Ý¿â¡¢ÔÆ·þÎñºÍÊý¾Ý´¦ÖÃÆ½Ì¨¼¯³É¡£
2026Äê7ÔÂ8ÈÕ£¬28Ȧ°²È«Ó¦¼±ÏìÓ¦ÖÐÐÄ£¨VSRC£©¼à²âµ½Apache Airflow DAG·´ÐòÁл¯Ô¶³Ì´úÂëÖ´Ðзì϶¡£¸Ã·ì϶λÓÚBaseSerialization.deserialize()·´ÐòÁл¯´¦ÖÃÂß¼£¬ÓÉÓÚ×é¼þδÏÞ¶Èimport_string()¶Ô¹¥»÷Õ߿ɿØÀàõè¾¶µÄ¼ÓÔØ£¬µ¼ÖÂÓµÓÐDAG±àдȨÏÞµÄÓû§¿ÉÔÚÐòÁл¯DAGÖÐǶÈë¶ñÒâ´¥·¢Âß¼¡£µ±Scheduler»òAPI Server¼ÓÔØ¶ñÒâDAGʱ£¬¹¥»÷´úÂë¿ÉÄÜÔÚ¸ßȨÏÞ¹ý³ÌÖÐÖ´ÐУ¬Í»ÆÆAirflowÔÓеÄDAG×÷Õß´úÂë¸ôÀ밲ȫÌìǵ£¬½øÒ»²½»ñÈ¡·þÎñÆ÷½ÚÔìȨÏÞ¡¢ÇÔÈ¡Ãô¸ÐÊý¾Ý»òÓ°Ï칤×÷µ÷¶È°²È«¡£
¶þ¡¢Ó°ÏìÁìÓò
apache-airflow < 3.3.0
Èý¡¢°²È«´ëÊ©
3.1 Éý¼¶°æ±¾¹Ù·½ÒѰ䲼½¨¸´²¹¶¡£¬ÒÔ½¨¸´¸Ã·ì϶¡£
apache-airflow >= 3.3.0
ÏÂÔØÁ´½Ó£ºhttps://github.com/apache/airflow/releases/
3.2 һʱ´ëÊ©
ÔÝÎÞ¡£
3.3 ͨÓý¨Òé
¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¬Ï÷¼õϵͳ·ì϶£¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£
¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÔ죬Åú¸Ä·À»ðǽսÊõ£¬¹Ø¹Ø·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ£¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø£¬Ï÷¼õ¹¥»÷Ãæ¡£
ʹÓÃÆóÒµ¼¶°²È«²úÆ·£¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£
¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬ÆôÓöà³É·ÖÈÏÖ¤»úÔìºÍ×îÓ×ȨÏÞ×¼Ôò£¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏÞ¶È¡£
ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£
3.4 ²Î¿¼Á´½Ó
https://lists.apache.org/thread/otvdw8qt2y7xy2n5nq9xby9ky4rf5ltj/
https://nvd.nist.gov/vuln/detail/CVE-2026-33264


¾©¹«Íø°²±¸11010802024551ºÅ