oss-sec mailing list archives
CVE-2026-32967: Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks
From: Wenjun Ruan <wenjun () apache org>
Date: Wed, 17 Jun 2026 01:35:26 +0000
Severity: moderate Affected versions: - Apache DolphinScheduler (org.apache.dolphinscheduler:dolphinscheduler-api) before 3.4.2 Description: Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue. Credit: b0b0haha (603571786 () qq com) (finder) j311yl0v3u (2439839508 () qq com) (finder) References: https://dolphinscheduler.apache.org https://www.cve.org/CVERecord?id=CVE-2026-32967
Current thread:
- CVE-2026-32967: Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks Wenjun Ruan (Jun 16)
