CVE-2026-32966: Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure

Vendor: Apache Software Foundation
Product: Apache DolphinScheduler
Weakness: CWE-863 (Incorrect authorization)
Published: June 17, 2026
Last update: June 17, 2026

What the vulnerability does

Description

A missing authorization check in the DataSource API of Apache DolphinScheduler leads to disclosure of arbitrary data source metadata. This issue affects Apache DolphinScheduler versions before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.

Key dates

Disclosure timeline

June 17, 2026: CVE published