CVE Catalog

CVE-2026-42357

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

The Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.

Risk Assessment

The organization may be exposed to unauthorized access to sensitive project data, potentially leading to privacy breaches and information security issues.

Recommendation

Users are recommended to upgrade to version 3.4.2, which fixes this issue.

Original NVD description (English source)

Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS