GHSA-85g9-8j9g-p486CriticalCVSS 9.1

Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks

Published
June 17, 2026
Last Modified
June 18, 2026

🔗 CVE IDs covered (1)

📋 Description

Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler.

This issue affects Apache DolphinScheduler: before 3.4.2.

Users are recommended to upgrade to version 3.4.2, which fixes the issue.

🎯 Affected products1

  • maven/org.apache.dolphinscheduler:dolphinscheduler-api:< 3.4.2

🔗 References (4)