CNNVD-202601-3431 Information
CNNVD ID
CNNVD-202601-3431
Related CVE
- CNNVD Published: 2026-01-21
Description (Chinese)
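Apache Solr is a search server from the Apache Foundation (USA), built on Lucene (a full-text search engine). The product supports faceted search, vertical search, highlighting of search results, and more. Apache Solr versions 8.6 through 9.10.0 contain a security vulnerability caused by insufficient input validation of certain parameters in the create core API, which may allow a user to create a core with an unexpected configset, or leak NTLM user hashes on Windows systems.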
Description (English)
Apache Solr is a search server from the Apache Foundation in the United States, based on Lucene (a full-text search engine). The product supports faceted search, vertical search, highlighted search results, and more. Apache Solr versions 8.6 to 9.10.0 contain a security vulnerability that stems from insufficient input validation of certain parameters in the create core API, which may lead to users creating cores with an unexpected configuration set, or to the leaking of NTLM user hashes on Windows.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Apache
Published
2026-01-21
Last Modified
2026-02-24
References
https://lists.apache.org/thread/qkrb9dd4xrlqmmq73lrhkbfkttto2d1m
http://www.openwall.com/lists/oss-security/2026/01/20/5