PT-2026-21680 · Apache · Apache Superset
Daniel Gaspar +1 · Published 2026-02-24 · Updated 2026-02-28 · CVE-2026-23982
CVSS v4.0: 7.1 High
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Apache Superset versions prior to 6.0.0
Description
An improper authorization issue exists in Apache Superset that allows a low-privileged user to bypass data access controls. Specifically, an authenticated attacker with permissions to write datasets and read charts can bypass permission checks by overwriting the SQL query of an existing dataset when creating a dataset. This allows unauthorized data access.
Recommendations
Upgrade to version 6.0.0 to resolve the issue.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Apache Superset