CVE-2026-47340: Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.

June 17, 2026 (updated June 18, 2026)

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler.

This issue affects Apache DolphinScheduler: before 3.4.2.

Users are recommended to upgrade to version 3.4.2, which fixes the issue.

References

github.com/advisories/GHSA-694g-j8pj-cjj5
lists.apache.org/thread/gx6v1wjb6qg3fzksxomysspy2gw54ooc
nvd.nist.gov/vuln/detail/CVE-2026-47340

Code Behaviors & Features

Detect and mitigate CVE-2026-47340 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →