CVE-2026-42357: Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.

June 17, 2026 (updated June 18, 2026)

Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.

This issue affects Apache DolphinScheduler versions prior to 3.4.2.

Users are recommended to upgrade to version 3.4.2, which fixes this issue.

References

github.com/advisories/GHSA-wv7f-c794-82v6
lists.apache.org/thread/74l2rrz32w2chn7vz64313gk7ox5wjtr
nvd.nist.gov/vuln/detail/CVE-2026-42357

Code Behaviors & Features

Detect and mitigate CVE-2026-42357 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →