← 返回漏洞列表
← 返回漏洞列表
CVE-2026-33116
描述
- CVE ID
- CVE-2026-33116
- 包装
- System.Security.Cryptography.Xml
- CVE严重程度
- Low
- EPPlus 影响
- Low
受影响 EPPlus 版本
- 8.5.1
- 8.5.0
- 8.4.2
- 8.4.1
- 8.4.0
- 8.3.1
- 8.3.0
- 8.2.1
- 8.2.0
- 8.1.1
- 8.1.0
- 8.0.8
- 8.0.7
- 8.0.6
- 8.0.5
- 8.0.4
- 8.0.3
- 8.0.2
- 8.0.1
现状
fix-available — 有修复方法。详情请参见警示。
咨询
Microsoft has released a security fix for a vulnerability in System.Security.Cryptography.Xml addressed in versions 10.0.6 and 9.0.15. EPPlus uses this package to create and validate digital signatures for workbooks. The risk for EPPlus users is considered very low, as EPPlus only passes known and validated XML to the affected library, which limits the ability for an attacker to exploit the vulnerability through EPPlus.
Update to EPPlus 8.5.3 to resolve this issue.
包修复信息
该信息指的是上游封装(System.Security.Cryptography.Xml),而非 EPPlus。请参阅上方的建议, EPPlus具体指导。
| Target framework | 包版本 | 固定状态 | 版本修正 |
|---|---|---|---|
| net8.0 | 8.0.2 | fixed | 8.0.3 |
| net9.0 | 9.0.3 | fixed | 9.0.15 |
| net10.0 | 10.0.0 | fixed | 10.0.6 |
| net462 | 8.0.2 | fixed | 8.0.3 |
| netstandard2.0 | 8.0.2 | fixed | 8.0.3 |
| netstandard2.1 | 8.0.2 | fixed | 8.0.3 |
时间线
- 首次检测
- 2026-04-16
- 最后更新
- 2026-04-16