Apache Superset Improper Authorization Vulnerability in Dataset Creation Allows Access Control Bypass
Vulnerability
An improper authorization vulnerability has been identified in Apache Superset versions prior to 6.0.0. It enables low-privileged users to bypass data access controls. When a dataset is created, Superset enforces permission checks so that users cannot query data they are not authorized to see. However, those checks are not applied when the SQL query of an existing dataset is overwritten, so an authenticated user who can write datasets and read charts can replace a dataset's SQL with a query against data they are not permitted to access, bypassing the access controls.
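The following is an added, simplified model of the access-control gap described above; it is not Apache Superset code, and every name in it (`User`, `Dataset`, `check_data_access`, the allow-list of table names, the constructed SQL strings) is a hypothetical stand-in. It shows a table-level data-access check that runs on dataset creation but is skipped by the vulnerable update path, next to a fixed update that re-runs the same check whenever the SQL changes.

```python
"""Hypothetical model (added example, not Apache Superset code) of a
data-access check that runs on dataset creation but not on update."""
import re
from dataclasses import dataclass, field


class PermissionDenied(Exception):
    """Raised when a user's SQL references a table they may not query."""


@dataclass
class User:
    name: str
    # Constructed: the tables this user is allowed to query.
    allowed_tables: frozenset = field(default_factory=frozenset)


@dataclass
class Dataset:
    owner: str
    sql: str


# Simplified table extraction: an identifier following FROM or JOIN.
# A real implementation must use a proper SQL parser (CTEs, subqueries,
# comments and quoting all defeat this regex).
_TABLE_RE = re.compile(r"\b(?:FROM|JOIN)\s+([A-Za-z_][A-Za-z0-9_.]*)", re.IGNORECASE)


def referenced_tables(sql: str) -> set:
    """Return the lower-cased table names referenced by the query."""
    return {t.lower() for t in _TABLE_RE.findall(sql)}


def check_data_access(user: User, sql: str) -> None:
    """Deny the query if it touches any table outside the user's allow-list."""
    denied = referenced_tables(sql) - {t.lower() for t in user.allowed_tables}
    if denied:
        raise PermissionDenied(f"{user.name} may not query: {sorted(denied)}")


def create_dataset(user: User, sql: str) -> Dataset:
    # Creation path: the data-access check is enforced.
    check_data_access(user, sql)
    return Dataset(owner=user.name, sql=sql)


def update_dataset_vulnerable(user: User, dataset: Dataset, new_sql: str) -> Dataset:
    # Vulnerable update path: only the "can write datasets" permission is
    # assumed to have been checked by the caller; the data-access check is
    # never re-run, so the stored SQL can point at any table.
    dataset.sql = new_sql
    return dataset


def update_dataset_fixed(user: User, dataset: Dataset, new_sql: str) -> Dataset:
    # Fixed update path: treat a changed SQL query exactly like creation.
    if new_sql != dataset.sql:
        check_data_access(user, new_sql)
    dataset.sql = new_sql
    return dataset


def demo() -> dict:
    """Walk a low-privileged user through both update paths."""
    analyst = User("analyst", frozenset({"public.sales"}))  # constructed
    results = {}

    ds = create_dataset(analyst, "SELECT * FROM public.sales")
    results["create_allowed"] = ds.sql

    try:
        create_dataset(analyst, "SELECT * FROM hr.salaries")
        results["create_restricted"] = "allowed"
    except PermissionDenied:
        results["create_restricted"] = "denied"

    # Vulnerable path: the check that blocked creation is skipped on update.
    leaked = update_dataset_vulnerable(
        analyst, Dataset("analyst", ds.sql), "SELECT * FROM hr.salaries"
    )
    results["vulnerable_update"] = (
        "allowed" if "hr.salaries" in referenced_tables(leaked.sql) else "denied"
    )

    # Fixed path: the same check is applied to the new SQL.
    try:
        update_dataset_fixed(analyst, ds, "SELECT * FROM hr.salaries")
        results["fixed_update"] = "allowed"
    except PermissionDenied:
        results["fixed_update"] = "denied"

    return results


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```

The check worth carrying into any real review of this class of bug is the one in `update_dataset_fixed`: every path that can change the query behind a dataset must apply the same data-access decision as the path that creates it, rather than relying on a coarser "can write datasets" permission.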
Impact
Exploitation of this vulnerability allows low-privileged users to bypass data access controls, potentially leading to unauthorized data access.
Remediation
Users are advised to upgrade to Apache Superset version 6.0.0 or later, which addresses this vulnerability.
