Incorrect Authorization in Apache DolphinScheduler Affects Version Prior to 3.4.2
CVE-2026-32967

6.5MEDIUM

Key Information:

Vendor

Apache

Vendor
CVE Published:
17 June 2026

What is CVE-2026-32967?

An Incorrect Authorization vulnerability exists in the experimental /v2 interface of Apache DolphinScheduler, affecting versions prior to 3.4.2. This issue may allow unauthorized users to gain access to sensitive functionalities and data. Users are strongly advised to update to version 3.4.2 to mitigate this vulnerability and enhance the security of their systems.

Affected Version(s)

Apache DolphinScheduler 0 < 3.4.2

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

b0b0haha (603571786@qq.com)
j311yl0v3u (2439839508@qq.com)
.