DataSource API Vulnerability in Apache DolphinScheduler
CVE-2026-32966
7.5HIGH
What is CVE-2026-32966?
A significant vulnerability exists in the DataSource API of Apache DolphinScheduler. This issue allows unauthorized users to access sensitive data source metadata due to a lack of necessary authorization checks in the API. As a result, potentially sensitive information could be disclosed, posing a security risk. Users are advised to upgrade to version 3.4.2 or later to mitigate this vulnerability.
Affected Version(s)
Apache DolphinScheduler 0 < 3.4.2
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
b0b0haha (603571786@qq.com)
j311yl0v3u (2439839508@qq.com)