CVE-2026-4851 GRID::Machine 不安全反序列化漏洞

GRID::Machine (版本低于 0.127) 中的 CVE-2026-4851 允许由于不安全的序列化而发生任意代码执行。GRID::Machine 允许 Perl 中通过 SSH 进行远程过程调用 (RPC)，使客户端能够在远程主机上执行代码。受损或恶意远程主机可以通过此漏洞在客户端上执行任意代码。具体来说，lib/GRID/Machine/Message.pm 中的 read_operation() 函数使用 eval() 序列化来自远程端的值，从而为代码注入创建了后门。$arg .= '$VAR1'; 的连接是用于操作要评估的代码的入口点。

Organizations and individuals using GRID::Machine in their Perl applications, particularly those exposing the RPC service to untrusted networks, are at risk. Shared hosting environments where multiple users share the same server are also vulnerable, as a compromised user could potentially exploit this vulnerability to affect other users on the same system. Legacy systems running older versions of Perl and GRID::Machine are particularly susceptible.

• cpan: Use cpan list to identify installations of vulnerable GRID::Machine versions.

cpan list | grep GRID::Machine

• Perl Script Analysis: Examine Perl scripts that utilize GRID::Machine for potential vulnerabilities. Search for instances of eval calls related to data received from remote sources. • System Logs: Monitor system logs for unusual activity related to GRID::Machine, such as unexpected process executions or network connections. • File Integrity Monitoring: Implement file integrity monitoring on the lib/GRID/Machine/Message.pm file to detect unauthorized modifications.

1. 2026-03-29Disclosure

   disclosure

1. 已保留2026-03-25
2. 发布日期2026-03-29
3. 修改日期2026-04-01
4. EPSS 更新日期2026-04-04

目前，CVE-2026-4851 没有可用的修复程序 (fix)。 主要的缓解措施是避免使用受影响的 GRID::Machine 版本（低于 0.127），直到发布补丁。 如果必须使用 GRID::Machine，请强烈隔离客户端和服务器系统，限制网络访问并监控可疑活动。 此外，应审查和审计代码以识别和删除任何处理不受信任数据的 eval() 实例。 迁移到不依赖不安全序列化的安全替代方案是长期来看的最佳策略。 积极监控安全信息来源，以获取任何更新或补丁。