
Description

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to upgrade to version 3.4.1, which fixes this issue.

PUBLISHED | Reserved 2026-01-18 | Published 2026-04-24 | Updated 2026-04-24 | Assigner apache

Problem types

CWE-863 Incorrect Authorization

Product status

Default status: unaffected

Any version before 3.4.1: affected

Credits

Jihang Yu (reporter)

References

www.openwall.com/lists/oss-security/2026/04/24/1

lists.apache.org/thread/hy4ntb2gys8150zfmnxhsd5ph0hoh7s9 (vendor-advisory)

cve.org (CVE-2026-23902)

nvd.nist.gov (CVE-2026-23902)
