CVE-2026-41280

MEDIUM apache dolphinscheduler NVD

CVSS Score 4.9

Severity MEDIUM

Published Jun 17, 2026

Vendor apache

Description

Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue.

Vendor Advisories

https://lists.apache.org/thread/5bv1njp3lbbbj11y20td5yz1b4nmrtvw

References

https://lists.apache.org/thread/5bv1njp3lbbbj11y20td5yz1b4nmrtvw
http://www.openwall.com/lists/oss-security/2026/06/17/7