Apache Superset SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in Apache Superset versions prior to 6.0.0. This vulnerability allows an authenticated user with read access to perform error-based SQL injection through the sqlExpression or where parameters. The issue arises from improper neutralization of special elements used in SQL commands.

Impact

Exploitation of this vulnerability allows for error-based SQL injection, where an attacker can manipulate SQL queries to extract information from the database or potentially execute arbitrary SQL commands.

Remediation

Users are advised to upgrade to Apache Superset version 6.0.0 or later, which addresses this vulnerability.

Added: Feb 24, 2026, 3:02 PM
Updated: Feb 24, 2026, 11:04 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 3.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.