Shodan
Vulnerabilities
Vulnerable Software
Apache:  >> Dolphinscheduler  >> 3.2.1  Security Vulnerabilities
CVE-2026-23902
Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1.  Users are recommended to upgrade to version 3.4.1, which fixes this issue.
CVSS Score
8.1
EPSS Score
0.0
Published
2026-04-24
CVE-2025-62233
Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler:  Version >= 3.2.0 and < 3.3.1. Attackers who can access the Master or Worker nodes can compromise the system by creating a StandardRpcRequest, injecting a malicious class type into it, and sending RPC requests to the DolphinScheduler Master/Worker nodes. Users are recommended to upgrade to version [3.3.1], which fixes the issue.
CVSS Score
6.3
EPSS Score
0.001
Published
2026-04-24
CVE-2024-43166
Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-09-03
CVE-2024-43115
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-09-03
CVE-2024-43202
Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.
CVSS Score
9.8
EPSS Score
0.077
Published
2024-08-20
CVE-2024-30188
File read and write vulnerability in Apache DolphinScheduler ,  authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue.
CVSS Score
8.1
EPSS Score
0.885
Published
2024-08-12
CVE-2024-29831
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-08-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved