CVE Catalog
CVE-2026-41280
MediumCVSS 4.9Exploitation Probability (EPSS)
Low risk0.20%
10th percentile — higher than 10% of all known CVEs
Summary
The Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects.
Risk Assessment
The organization may be exposed to unauthorized deletion of important task definitions, potentially disrupting system operations.
Recommendation
It is recommended to upgrade to version 3.4.2, which fixes this issue.
Original NVD description (English source)
Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue.

