Auth bypass in Apache Software Foundation DolphinScheduler
CVE-2026-23902
Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinSche…
Vulnerability class: Broken Access Control
EPSS: 0.000 (6.6th percentile)
Affected products
- Apache Software Foundation DolphinScheduler — versions 0
Weakness classification (CWE)
References
- lists.apache.org/thread/hy4ntb2gys8150zfmnxhsd5ph0hoh7s9 (vendor-advisory)