CVE-2026-47340
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk11th percentile - higher than 11% of all known CVEs
Summary
In Apache DolphinScheduler before version 3.4.2, authenticated users can access alert instances associated with alert groups they do not have permission to access.
Risk Assessment
This may lead to unauthorized access to sensitive information within the system, posing a significant security risk to the organization.
Recommendation
It is recommended to upgrade to version 3.4.2, which fixes this issue.
Original NVD description (English source)
Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.

