Which CVE IDs does GHSA-694g-j8pj-cjj5 cover?

GHSA-694g-j8pj-cjj5 covers the following CVE IDs: CVE-2026-47340. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-694g-j8pj-cjj5?

GHSA-694g-j8pj-cjj5 has a CVSS v3 base score of 6.5, published by GitHub Security Advisories.

Which products are affected by GHSA-694g-j8pj-cjj5?

GHSA-694g-j8pj-cjj5 affects 1 product, including: maven/org.apache.dolphinscheduler:dolphinscheduler-api:\u003c 3.4.2.

GHSA-694g-j8pj-cjj5MediumCVSS 6.5

Apache DolphinScheduler: An incorrect authorization vulnerability allows authenticated users to access alert instances associated with alert groups they do not have permission to access.

Vendor

GitHub Security Advisories

Published

June 17, 2026

Last Modified

June 18, 2026

🔗 CVE IDs covered (1)

CVE-2026-47340 →

📋 Description

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler.

This issue affects Apache DolphinScheduler: before 3.4.2.

Users are recommended to upgrade to version 3.4.2, which fixes the issue.

🎯 Affected products1

maven/org.apache.dolphinscheduler:dolphinscheduler-api:< 3.4.2

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-47340
https://lists.apache.org/thread/gx6v1wjb6qg3fzksxomysspy2gw54ooc
http://www.openwall.com/lists/oss-security/2026/06/17/5
https://github.com/advisories/GHSA-694g-j8pj-cjj5