CVE-2026-41280

Summary

Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects

This issue affects Apache DolphinScheduler versions prior to 3.4.2.

Users are recommended to upgrade to version 3.4.2, which fixes this issue.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache DolphinScheduler0 < 3.4.2affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References