DataSource API Vulnerability in Apache DolphinScheduler
CVE-2026-32966

7.5HIGH

Key Information:

Vendor

Apache

Vendor
CVE Published:
17 June 2026

What is CVE-2026-32966?

A significant vulnerability exists in the DataSource API of Apache DolphinScheduler. This issue allows unauthorized users to access sensitive data source metadata due to a lack of necessary authorization checks in the API. As a result, potentially sensitive information could be disclosed, posing a security risk. Users are advised to upgrade to version 3.4.2 or later to mitigate this vulnerability.

Affected Version(s)

Apache DolphinScheduler 0 < 3.4.2

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

b0b0haha (603571786@qq.com)
j311yl0v3u (2439839508@qq.com)
.