Incorrect Authorization in Apache DolphinScheduler Affects Version Prior to 3.4.2
CVE-2026-32967
6.5MEDIUM
What is CVE-2026-32967?
An Incorrect Authorization vulnerability exists in the experimental /v2 interface of Apache DolphinScheduler, affecting versions prior to 3.4.2. This issue may allow unauthorized users to gain access to sensitive functionalities and data. Users are strongly advised to update to version 3.4.2 to mitigate this vulnerability and enhance the security of their systems.
Affected Version(s)
Apache DolphinScheduler 0 < 3.4.2
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
b0b0haha (603571786@qq.com)
j311yl0v3u (2439839508@qq.com)