oss-sec mailing list archives
CVE-2026-32966: Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure
From: Wenjun Ruan <wenjun () apache org>
Date: Wed, 17 Jun 2026 01:35:20 +0000
Severity: moderate Affected versions: - Apache DolphinScheduler (org.apache.dolphinscheduler:dolphinscheduler-api) before 3.4.2 Description: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue. Credit: b0b0haha (603571786 () qq com) (finder) j311yl0v3u (2439839508 () qq com) (finder) References: https://dolphinscheduler.apache.org https://www.cve.org/CVERecord?id=CVE-2026-32966
Current thread:
- CVE-2026-32966: Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure Wenjun Ruan (Jun 16)
