CVE-2026-47340

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

CVE-2026-41280

CVE-2026-41280 affects Apache DolphinScheduler prior to 3.4.2. The issue is an Incorrect Authorization vulnerability where users with system login privileges can delete task definitions in unauthorized projects due to insufficient access controls. The documented impact is deletion of task definit...

CVE-2026-41280 Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects

Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

CVE-2026-23902 Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution.

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...

CVE-2026-23902

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...

EUVD-2025-209369

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...

CVE-2025-62188

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...

CVE-2025-62188 Apache DolphinScheduler: Users can access sensitive information through the actuator endpoint.

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...

Remote Code Execution (RCE)

Apache DolphinScheduler is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of user input in alert scripts, which allows an attacker to execute arbitrary shell scripts on the server...

Incorrect Default Permissions

org.apache.dolphinscheduler, dolphinscheduler is vulnerable to Incorrect Default Permissions. The vulnerability is due to improper default access settings in the application, which allows an attacker to gain unauthorized access or perform unintended actions within the system...

CVE-2024-43115

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

Apache DolphinScheduler Code Execution Vulnerability

Apache DolphinScheduler is a modern data scheduling platform from the Apache USA Foundation. A code execution vulnerability exists in Apache DolphinScheduler versions prior to 3.2.2 due to improper input validation. An attacker can exploit this vulnerability to execute arbitrary shell scripts on...

CVE-2024-43166

Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

CVE-2024-43115 Apache DolphinScheduler: Alert Script Attack

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

Apache DolphinScheduler 输入验证错误漏洞

Apache DolphinScheduler is a distributed DAG visualization-based workflow task scheduling system from the Apache Apache Foundation in the United States. An input validation error vulnerability exists in Apache DolphinScheduler versions prior to 3.2.1, which stems from the presence of incorrect...

PT-2023-20191 · Apache · Apache Dolphinscheduler

Name of the Vulnerable Software and Affected Versions: Apache DolphinScheduler versions 3.0.0 through 3.1.1 Description: The issue concerns improper authentication in Apache DolphinScheduler's python gateway, allowing an attacker to use a socket bytes attack without authentication. This has been...

Apache Dolphin Scheduler has insufficiently protected credentials

When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher...

GHSA-JVC3-WJF6-7C6C Apache Dolphin Scheduler has insufficiently protected credentials

When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher...

PT-2022-18121 · Apache · Apache Dolphinscheduler

Name of the Vulnerable Software and Affected Versions: Apache DolphinScheduler versions prior to 2.0.6 Description: The issue allows users to read any files by logging into the server. Apache DolphinScheduler users are advised to take action to protect themselves. Recommendations: For versions...