CVE-2026-32966 PUBLISHED

Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure

Assigner: apache
Reserved: 17.03.2026 Published: 17.06.2026 Updated: 17.06.2026

A missing authorization check in the DataSource API of Apache DolphinScheduler leads to disclosure of arbitrary data source metadata.

This issue affects Apache DolphinScheduler versions before 3.4.2.

Users are recommended to upgrade to version 3.4.2, which fixes the issue.

Product Status

Vendor Apache Software Foundation
Product Apache DolphinScheduler
Versions Default: unaffected
  • affected from 0 to 3.4.2 (excl.)

Credits

  • b0b0haha (603571786@qq.com) finder
  • j311yl0v3u (2439839508@qq.com) finder

Problem Types

  • CWE-863 Incorrect Authorization