CVE Catalog
CVE-2026-32966
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk0.20%
10th percentile — higher than 10% of all known CVEs
Summary
Missing authorization check in DataSource API leads to arbitrary data source metadata disclosure in Apache DolphinScheduler.
Risk Assessment
Organizations may be exposed to unauthorized access to sensitive information contained in data source metadata.
Recommendation
It is recommended to upgrade to version 3.4.2, which fixes the issue.
Original NVD description (English source)
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.

