CVE Catalog

CVE-2026-41280

MediumCVSS 4.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

The Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects.

Risk Assessment

The organization may be exposed to unauthorized deletion of important task definitions, potentially disrupting system operations.

Recommendation

It is recommended to upgrade to version 3.4.2, which fixes this issue.

Original NVD description (English source)

Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS