CVE-2026-41280

Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects

CVSS 4.9 MEDIUMEPSS 0.4%CWE-863

Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Affected products

Apache Software Foundation · Apache DolphinScheduler

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lists.apache.org/thread/5bv1njp3lbbbj11y20td5yz1b4nmrtvw http://www.openwall.com/lists/oss-security/2026/06/17/7