CVE-2026-47340

MEDIUM apache dolphinscheduler NVD

CVSS Score 6.5

Severity MEDIUM

Published Jun 17, 2026

Vendor apache

Description

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.

Vendor Advisories

https://lists.apache.org/thread/gx6v1wjb6qg3fzksxomysspy2gw54ooc

References

https://lists.apache.org/thread/gx6v1wjb6qg3fzksxomysspy2gw54ooc
http://www.openwall.com/lists/oss-security/2026/06/17/5