Ghostwire

CVE-2026-23902: Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login...

MEDIUM CVSS 0.0 Exploit Available

Published: April 24, 2026 | Last Modified: April 24, 2026

Description

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to upgrade to version 3.4.1, which fixes this issue.

Ghostwire Analysis — What This Means Practically

Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References

lists.apache.org/thread/hy4ntb2gys8150zfmnxhsd5ph0hoh7s9
www.openwall.com/lists/oss-security/2026/04/24/1
www.tenable.com/cve/CVE-2026-23902
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-23902