DataSource API Vulnerability in Apache DolphinScheduler
CVE-2026-32966

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Dolphinscheduler
Vendor: CVE Published:; 17 June 2026

What is CVE-2026-32966?

A significant vulnerability exists in the DataSource API of Apache DolphinScheduler. This issue allows unauthorized users to access sensitive data source metadata due to a lack of necessary authorization checks in the API. As a result, potentially sensitive information could be disclosed, posing a security risk. Users are advised to upgrade to version 3.4.2 or later to mitigate this vulnerability.

Affected Version(s)

Apache DolphinScheduler 0 < 3.4.2

References

https://lists.apache.org/thread/4f1fojpj26z9y5nd1ko845gck...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Mar 17, 2026

Credit

b0b0haha (603571786@qq.com)

j311yl0v3u (2439839508@qq.com)

CVE-2026-32966 Data

JSON