Dolphinscheduler on CVE Alert & Security Feed

CVE-2026-47340

Wed, 17 Jun 2026 13:20:41 +0000

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.

CVE-2026-42357

Wed, 17 Jun 2026 13:20:39 +0000

Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue.

CVE-2026-41280

Wed, 17 Jun 2026 13:20:38 +0000

Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue.

CVE-2026-32966

Wed, 17 Jun 2026 13:20:16 +0000

DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.

CVE-2026-32967

Wed, 17 Jun 2026 13:20:16 +0000

Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.