43 matches found
EUVD-2026-37583
Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
CVE-2026-47340
Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
CVE-2026-32966
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
CVE-2026-47340 Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.
Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
CVE-2026-41280 Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects
Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...
CVE-2026-41280
CVE-2026-41280 affects Apache DolphinScheduler prior to 3.4.2. The issue is an Incorrect Authorization vulnerability where users with system login privileges can delete task definitions in unauthorized projects due to insufficient access controls. The documented impact is deletion of task definit...
CVE-2026-32966
The CVE affects Apache DolphinScheduler prior to 3.4.2. A missing authorization check in the DataSource API allows exposure of arbitrary data source metadata to unauthenticated users, enabling potential disclosure of sensitive information. The issue’s root cause is insufficient access control on ...
CVE-2025-62188
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...
Apache DolphinScheduler RPC module has a Deserialization of Untrusted Data vulnerability
Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version = 3.2.0 and 3.3.1. Attackers who can access the Master or Worker nodes can compromise the system by creating a StandardRpcRequest, injecting a malicious class...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization during workflow execution. An attacker can gain unauthorized access to resources by leveraging tenants that are not defined on the platform. Remediation Upgrade org.apache.dolphinscheduler:dolphinscheduler-api to...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the RPC component. An attacker can execute arbitrary code by crafting a malicious StandardRpcRequest containing a harmful class type and sending it to the Master or Worker nodes. Details Serializati...
CVE-2026-23902 Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution.
Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...
CVE-2026-23902
Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...
CVE-2026-23902 Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution.
Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...
EUVD-2025-209572
Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version = 3.2.0 and 3.3.1. Attackers who can access the Master or Worker nodes can compromise the system by creating a StandardRpcRequest, injecting a malicious class...
CVE-2025-62233
CVE-2025-62233 concerns Apache DolphinScheduler’s RPC module. A deserialization of untrusted data vulnerability affects versions >= 3.2.0 and
PT-2026-34873
Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...
EUVD-2025-209369
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure due to the exposure of sensitive data to unauthorized actors. An attacker can access sensitive data such as database credentials by exploiting this vulnerability. Workaround This vulnerability can be mitigated by...
CVE-2025-62188
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...