CVE-2026-32966
Undergoing Analysis Undergoing Analysis - In Progress
BaseFortify

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Apache Software Foundation

Description
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-06-17
AI Q&A
2026-06-17
EPSS Evaluated
N/A
NVD
CVE-2026-32966
EUVD
EUVD-2026-37580
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
apache dolphinscheduler to 3.4.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-32966 is a vulnerability in Apache DolphinScheduler versions before 3.4.2 where the DataSource API lacks an authorization check.

This missing authorization check allows attackers to disclose arbitrary data source metadata, potentially exposing sensitive information.

Impact Analysis

The vulnerability can lead to unauthorized disclosure of data source metadata, which may include sensitive configuration or connection details.

Attackers exploiting this issue could gain insights into the data infrastructure, potentially aiding further attacks or data breaches.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade Apache DolphinScheduler to version 3.4.2 or later, as this version includes the fix for the missing authorization check in the DataSource API.

Compliance Impact

The vulnerability in Apache DolphinScheduler allows arbitrary disclosure of data source metadata due to a missing authorization check in the DataSource API.

Such unauthorized disclosure of data source metadata could potentially lead to non-compliance with data protection regulations like GDPR or HIPAA, which require strict controls over access to sensitive data and metadata.

However, the provided information does not explicitly discuss the impact on compliance with these standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32966. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart