PT-2026-50262 · Apache · Apache Dolphinscheduler

Yicheng Yu

·

Published

2026-06-17

·

Updated

2026-06-17

·

CVE-2026-41280

CVSS v3.1

4.9

Medium

VectorAV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects
This issue affects Apache DolphinScheduler versions prior to 3.4.2.
Users are recommended to upgrade to version 3.4.2, which fixes this issue.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2026-41280

Affected Products

Apache Dolphinscheduler