org.apache.inlong is vulnerable to Insecure Direct Object References (IDOR). The vulnerability exists due to a lack of permission verification for stream sources, which allows an attacker to access files or directories of external users and delete, edit, stop, and start others’ sources.