1
1
4
0
Vulnerability Timeline
1 vulnerabilities discovered over time for Superset
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-23983 | 2.3 | This vulnerability allows authenticated users with low privileges to access sensitive information, such as password hashes and email addresses, through a specific API endpoint in Apache Superset. To exploit this, the tagging feature must be enabled, which is not the default setting, but users should upgrade to version 6.0.0 to fully protect against this risk. | apachesuperset | Theoretical | about 1 month agoFeb 24, 2026 |
About Apache Superset Security
This page provides comprehensive security vulnerability tracking for Apache Superset. Our database includes all CVEs affecting this product, updated in real-time from official sources.
Each vulnerability listing includes detailed CVSS severity analysis, exploit availability status, AI-generated explanations, and direct links to official security patches and vendor advisories.
Security Recommendations
- • Always keep Superset updated to the latest version
- • Subscribe to security advisories from Apache
- • Monitor this page for new vulnerabilities affecting your version
- • Prioritize patching critical and high severity issues immediately