Incorrect Authorization Vulnerability in Apache DolphinScheduler
CVE-2026-42357

Currently unrated

Key Information:

Vendor

Apache

CVE Published: 17 June 2026

What is CVE-2026-42357?

An Incorrect Authorization vulnerability in Apache DolphinScheduler allows unauthorized users to access sensitive workflow instance information belonging to projects outside their permission scope. This flaw can expose confidential project data, posing significant risks for organizations using the affected versions of the software. Users should upgrade to Apache DolphinScheduler version 3.4.2 to mitigate this security risk.

Affected Version(s)

Apache DolphinScheduler 0 < 3.4.1

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yicheng Yu (https://github.com/FHMTT)