CVE-2026-42357

MEDIUM apache dolphinscheduler NVD

CVSS Score 6.5

Severity MEDIUM

Published Jun 17, 2026

Vendor apache

Description

Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue.

Vendor Advisories

https://lists.apache.org/thread/74l2rrz32w2chn7vz64313gk7ox5wjtr

References

https://lists.apache.org/thread/74l2rrz32w2chn7vz64313gk7ox5wjtr
http://www.openwall.com/lists/oss-security/2026/06/17/4