CVE Catalog

CVE-2026-47340

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile - higher than 11% of all known CVEs

Summary

In Apache DolphinScheduler before version 3.4.2, authenticated users can access alert instances associated with alert groups they do not have permission to access.

Risk Assessment

This may lead to unauthorized access to sensitive information within the system, posing a significant security risk to the organization.

Recommendation

It is recommended to upgrade to version 3.4.2, which fixes this issue.

Original NVD description (English source)

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS