Incorrect Authorization in Apache DolphinScheduler by Apache
CVE-2026-41280

4.9MEDIUM

Key Information:

Vendor

Apache

Vendor
CVE Published:
17 June 2026

What is CVE-2026-41280?

An incorrect authorization vulnerability in Apache DolphinScheduler allows authorized users to delete task definitions across unauthorized projects. This flaw impacts Apache DolphinScheduler versions prior to 3.4.2, making it essential for users to upgrade to this version to mitigate the risk of unauthorized alterations within their systems. Failure to address this issue may result in unintended deletions and disruptions to project management.

Affected Version(s)

Apache DolphinScheduler 0 < 3.4.2

References

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yicheng Yu(https://github.com/FHMTT)
.