CVE-2026-47340 PUBLISHED

Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.

Assigner: apache
Reserved: 19.05.2026 Published: 17.06.2026 Updated: 17.06.2026

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler.

This issue affects Apache DolphinScheduler: before 3.4.2.

Users are recommended to upgrade to version 3.4.2, which fixes the issue.

Product Status

Vendor Apache Software Foundation
Product Apache DolphinScheduler
Versions Default: unaffected
  • affected from 0 to 3.4.2 (excl.)

Credits

  • thesecguy45@gmail.com finder
  • udolemi (S2W) finder

References

Problem Types

  • CWE-200 Exposure of Sensitive Information to an Unauthorized Actor CWE