Incorrect Authorization in Apache DolphinScheduler by Apache
CVE-2026-41280

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Dolphinscheduler
Vendor: CVE Published:; 17 June 2026

What is CVE-2026-41280?

An incorrect authorization vulnerability in Apache DolphinScheduler allows authorized users to delete task definitions across unauthorized projects. This flaw impacts Apache DolphinScheduler versions prior to 3.4.2, making it essential for users to upgrade to this version to mitigate the risk of unauthorized alterations within their systems. Failure to address this issue may result in unintended deletions and disruptions to project management.

Affected Version(s)

Apache DolphinScheduler 0 < 3.4.2

References

https://lists.apache.org/thread/5bv1njp3lbbbj11y20td5yz1b...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Apr 19, 2026

Credit

Yicheng Yu(https://github.com/FHMTT)

CVE-2026-41280 Data

JSON