CVE-2026-47340
Undergoing Analysis Undergoing Analysis - In Progress
Unauthorized Access to Alert Instances in Apache DolphinScheduler

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Apache Software Foundation

Description
Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-06-17
AI Q&A
2026-06-17
EPSS Evaluated
N/A
NVD
CVE-2026-47340
EUVD
EUVD-2026-37584
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
apache dolphinscheduler to 3.4.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-47340 is an incorrect authorization vulnerability in Apache DolphinScheduler. It allows authenticated users to access alert instances that are associated with alert groups for which they do not have permission.

This means that users who have logged in can view or interact with alerts that should be restricted to other groups, potentially exposing sensitive information or system states.

Impact Analysis

The vulnerability can lead to unauthorized access to alert instances, which may expose sensitive operational information or system alerts to users who should not have access.

This could result in information leakage, reduced system confidentiality, and potentially allow malicious users to gain insights that could be used for further attacks or misuse.

Mitigation Strategies

To mitigate this vulnerability, users are advised to upgrade Apache DolphinScheduler to version 3.4.2 or later, which contains the fix for this incorrect authorization issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-47340. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart