CVE Catalog

CVE-2026-32966

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

Missing authorization check in DataSource API leads to arbitrary data source metadata disclosure in Apache DolphinScheduler.

Risk Assessment

Organizations may be exposed to unauthorized access to sensitive information contained in data source metadata.

Recommendation

It is recommended to upgrade to version 3.4.2, which fixes the issue.

Original NVD description (English source)

DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS