CVE-2026-32967

CVE-2026-32967: Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks

Vendor Apache Software Foundation

Product Apache DolphinScheduler

Weakness CWE-863 · Incorrect authorization

Published June 17, 2026

Last update June 17, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.

Key dates

Disclosure timeline

June 17, 2026 CVE published