Access Control Vulnerability in Apache DolphinScheduler
CVE-2026-47340

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Dolphinscheduler
Vendor: CVE Published:; 17 June 2026

What is CVE-2026-47340?

An access control vulnerability in Apache DolphinScheduler allows authenticated users to gain unauthorized access to alert instances linked with alert groups that exceed their permissions. This issue is present in versions prior to 3.4.2. It is recommended that users upgrade to version 3.4.2 to mitigate this risk.

Affected Version(s)

Apache DolphinScheduler 0 < 3.4.2

References

https://lists.apache.org/thread/gx6v1wjb6qg3fzksxomysspy2...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
May 19, 2026

Credit

thesecguy45@gmail.com

udolemi (S2W)

CVE-2026-47340 Data

JSON