CVE-2026-32967: Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks

Wenjun Ruan Tue, 16 Jun 2026 18:37:10 -0700

Severity: moderate 

Affected versions:


- Apache DolphinScheduler (org.apache.dolphinscheduler:dolphinscheduler-api) 
before 3.4.2

Description:

Incorrect Authorization vulnerability of `/v2` experimental interface in Apache 
DolphinScheduler.

This issue affects Apache DolphinScheduler: before 3.4.2.

Users are recommended to upgrade to version 3.4.2, which fixes the issue.

Credit:

b0b0haha ([email protected]) (finder)
j311yl0v3u ([email protected]) (finder)

References:

https://dolphinscheduler.apache.org
https://www.cve.org/CVERecord?id=CVE-2026-32967

CVE-2026-32967: Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks

Reply via email to