oss-security - CVE-2026-47340: Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [day] [month] [year] [list]

Message-ID: <677e355d-ea95-5368-6252-f13e30b74915@apache.org>
Date: Wed, 17 Jun 2026 01:36:01 +0000
From: Wenjun Ruan <wenjun@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2026-47340: Apache DolphinScheduler: An incorrect
 authorization vulnerability allows authenticated users to access alert
 instances associated with alert groups they do not have permission to
 access. 

Severity: moderate 

Affected versions:

- Apache DolphinScheduler (org.apache.dolphinscheduler:dolphinscheduler-api) before 3.4.2

Description:

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler.

This issue affects Apache DolphinScheduler: before 3.4.2.

Users are recommended to upgrade to version 3.4.2, which fixes the issue.

Credit:

thesecguy45@...il.com (finder)
udolemi (S2W) (finder)

References:

https://dolphinscheduler.apache.org
https://www.cve.org/CVERecord?id=CVE-2026-47340

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.