Moderate severityNVD Advisory· Published Oct 28, 2022· Updated May 7, 2025
Apache DolphinScheduler exposes files without authentication
CVE-2022-26884
Description
Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.dolphinscheduler:dolphinschedulerMaven | < 2.0.6 | 2.0.6 |
Affected products
2- Range: Apache DolphinScheduler
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.