CVE-2026-23982

CVSS Score & Metrics

Base Score

6.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N                                    

Vulnerability Description

An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to write datasets and read charts can bypass these checks by overwriting the SQL query of an existing dataset.

This issue affects Apache Superset: before 6.0.0.

Users are recommended to upgrade to version 6.0.0, which fixes the issue.

Vulnerability Details

Published Date

February 24, 2026

Last Modified

February 25, 2026

CWE ID

CWE-863

Source

NVD

Vendor

Apache Software Foundation

Product

Apache Superset

External References

https://lists.apache.org/thread/9lvbzwkw4rxgdvbpfvnnnfcll92v75fp

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment