2
1
4
0
Vulnerability Timeline
2 vulnerabilities discovered over time for Superset
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-23984 | 7.1 | This vulnerability allows an authenticated user with access to SQLLab in Apache Superset to bypass restrictions and execute unauthorized data manipulation commands on a PostgreSQL database, even though the system is supposed to prevent such actions. To exploit this, the attacker must have valid credentials and access to the SQLLab feature before the software is updated to version 6.0.0, which fixes the issue. | apachesuperset | Theoretical | about 1 month agoFeb 24, 2026 |
| CVE-2026-23982 | 7.1 | This vulnerability allows a low-privileged user to access unauthorized data by manipulating existing datasets in Apache Superset. An attacker needs to have permission to create datasets and read charts, which lets them overwrite SQL queries and bypass data access controls. | apachesuperset | Exploit Available | about 1 month agoFeb 24, 2026 |
About Apache Superset Security
This page provides comprehensive security vulnerability tracking for Apache Superset. Our database includes all CVEs affecting this product, updated in real-time from official sources.
Each vulnerability listing includes detailed CVSS severity analysis, exploit availability status, AI-generated explanations, and direct links to official security patches and vendor advisories.
Security Recommendations
- • Always keep Superset updated to the latest version
- • Subscribe to security advisories from Apache
- • Monitor this page for new vulnerabilities affecting your version
- • Prioritize patching critical and high severity issues immediately