CVE-2026-42357
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk10th percentile — higher than 10% of all known CVEs
Summary
The Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.
Risk Assessment
The organization may be exposed to unauthorized access to sensitive project data, potentially leading to privacy breaches and information security issues.
Recommendation
Users are recommended to upgrade to version 3.4.2, which fixes this issue.
Original NVD description (English source)
Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue.

