2
1
4
0
Vulnerability Timeline
2 vulnerabilities discovered over time for Superset
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-23980 | 5.3 | This vulnerability allows an authenticated user with read access to manipulate SQL queries, potentially exposing sensitive data or causing errors in the database. It affects versions of Apache Superset prior to 6.0.0, so users should upgrade to this version to fix the issue. | apachesuperset | Exploit Available | about 1 month agoFeb 24, 2026 |
| CVE-2026-23969 | 5.3 | This vulnerability allows an attacker to execute potentially harmful SQL functions in Apache Superset when using the ClickHouse database, due to an incomplete list of restricted functions. To exploit this, the attacker needs access to SQL Lab or charts in a version of Superset prior to 4.1.2. | apachesuperset | Exploit Available | about 1 month agoFeb 24, 2026 |
About Apache Superset Security
This page provides comprehensive security vulnerability tracking for Apache Superset. Our database includes all CVEs affecting this product, updated in real-time from official sources.
Each vulnerability listing includes detailed CVSS severity analysis, exploit availability status, AI-generated explanations, and direct links to official security patches and vendor advisories.
Security Recommendations
- • Always keep Superset updated to the latest version
- • Subscribe to security advisories from Apache
- • Monitor this page for new vulnerabilities affecting your version
- • Prioritize patching critical and high severity issues immediately