Vulnerabilities

CVE-2026-23980

by Fred · 24/02/2026

Improper Neutralization of Special Elements used in a SQL Command (‘SQL Injection’) vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters.

This issue affects Apache Superset: before 6.0.0.

Users are recommended to upgrade to version 6.0.0, which fixes the issue.

More information : https://lists.apache.org/thread/h4l02zw1pr2vywv0dc5zjn3grdcdhwf4

Similar

Tags: Cybersecurity Alert