CVE-2026-32967 PUBLISHED

Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks

Assigner: apache
Reserved: 17.03.2026 Published: 17.06.2026 Updated: 17.06.2026

Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler.

This issue affects Apache DolphinScheduler: before 3.4.2.

Users are recommended to upgrade to version 3.4.2, which fixes the issue.

Product Status

Vendor Apache Software Foundation
Product Apache DolphinScheduler
Versions Default: unaffected
  • affected from 0 to 3.4.2 (excl.)

Credits

  • b0b0haha (603571786@qq.com) finder
  • j311yl0v3u (2439839508@qq.com) finder

References

Problem Types

  • CWE-863 Incorrect Authorization CWE