Dolphinscheduler

This hub aggregates every CVE we track for Dolphinscheduler, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

OSS Librarieslibrarylibrary

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

HIGH14MEDIUM10CRITICAL8

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Dolphinscheduler.

CVE-2026-47340Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.6.5Jun 17, 2026
CVE-2026-32967Apache DolphinScheduler: The `/v2` experimental interface lacks permission checks9.1Jun 17, 2026
CVE-2026-42357Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.6.5Jun 17, 2026
CVE-2026-41280Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects4.9Jun 17, 2026
CVE-2026-32966Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure9.8Jun 17, 2026
CVE-2026-23902Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution.8.1Apr 24, 2026
CVE-2025-62233Apache DolphinScheduler: Deserialization of untrusted data in RPC6.3Apr 24, 2026
CVE-2025-62188Apache DolphinScheduler: Users can access sensitive information through the actuator endpoint.7.5Apr 9, 2026
CVE-2024-43166Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes th...9.8Sep 3, 2025
CVE-2024-43115Apache DolphinScheduler: Alert Script Attack8.8Sep 3, 2025
CVE-2024-43202Apache DolphinScheduler: Remote Code Execution Vulnerability9.8Aug 20, 2024
CVE-2024-30188Apache DolphinScheduler: Resource File Read And Write Vulnerability8.1Aug 9, 2024
CVE-2024-29831Apache DolphinScheduler: RCE by arbitrary js execution8.8Aug 9, 2024
CVE-2024-23320Apache DolphinScheduler: Arbitrary js execution as root for authenticated users8.8Feb 23, 2024
CVE-2023-51770Apache DolphinScheduler: Arbitrary File Read Vulnerability7.5Feb 20, 2024

Product normalization is registry-driven with AI assist and human review. How it works