Follow @Openwall on Twitter for new release announcements and other news
[<prev] [day] [month] [year] [list] 
Message-ID: <4aeed10a-3871-8184-90aa-af2ace884fd9@apache.org>
Date: Wed, 17 Jun 2026 01:39:14 +0000
From: Wenjun Ruan <wenjun@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2026-41280: Apache DolphinScheduler: Incorrect Authorization
 vulnerability allows users with system login privileges to delete task
 definitions in unauthorized projects 

Severity: moderate 

Affected versions:

- Apache DolphinScheduler (org.apache.dolphinscheduler:dolphinscheduler-api) before 3.4.2

Description:

Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects

This issue affects Apache DolphinScheduler versions prior to 3.4.2. 

Users are recommended to upgrade to version 3.4.2, which fixes this issue.

Credit:

Yicheng Yu(https://github.com/FHMTT) (finder)

References:

https://dolphinscheduler.apache.org
https://www.cve.org/CVERecord?id=CVE-2026-41280

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.