Apache Superset Improper Input Validation Vulnerability in SQLLab PostgreSQL Read-Only Bypass

Vulnerability

An improper input validation vulnerability has been identified in Apache Superset versions prior to 6.0.0. It allows authenticated users with SQLLab access to bypass the read-only check enforced on PostgreSQL database connections. That check blocks standard Data Manipulation Language (DML) statements such as INSERT, UPDATE and DELETE on read-only connections, but it does not recognise those operations when they are embedded inside a specially crafted SQL statement, so such a statement is passed through to PostgreSQL and executed.
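The weakness described above is a check that classifies a statement by its leading keyword and therefore misses DML nested deeper in the statement. The following Python example is added here to illustrate that failure mode and a stricter alternative; it is not Superset's code and does not reproduce the actual bypass, which this page does not detail. It contrasts a naive first-keyword check with a check that scans every bare keyword in the statement (ignoring comments, string literals and quoted identifiers). The inputs are constructed: a writable CTE, a second statement after a semicolon, and EXPLAIN ANALYZE (which really executes the statement it explains in PostgreSQL) are standard PostgreSQL constructs that carry DML without starting with a DML keyword; whether any of them matches the specific "specially crafted" statement behind this advisory is an assumption, not something the page states.

```python
import re
from typing import List, Tuple

# Keywords that modify data. A conservative list: flagging too much fails closed.
DML_KEYWORDS = {"INSERT", "UPDATE", "DELETE", "MERGE", "TRUNCATE"}

# Minimal PostgreSQL lexer: enough to tell bare words from comments,
# '...' strings, $tag$...$tag$ strings and "quoted" identifiers.
_TOKEN_RE = re.compile(
    r"""
    (?P<comment>--[^\n]*|/\*.*?\*/)                     # SQL comments
  | (?P<dollar>\$(?P<tag>[A-Za-z_]*)\$.*?\$(?P=tag)\$)  # dollar-quoted strings
  | (?P<string>'(?:[^']|'')*')                          # single-quoted strings
  | (?P<ident>"(?:[^"]|"")*")                           # quoted identifiers
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)                    # bare words / keywords
  | (?P<other>\S)                                       # punctuation, numbers, ...
    """,
    re.VERBOSE | re.DOTALL,
)


def keywords(sql: str) -> List[str]:
    """Bare (unquoted) words of a statement, uppercased, in order."""
    return [m.group("word").upper() for m in _TOKEN_RE.finditer(sql) if m.group("word")]


def naive_is_readonly(sql: str) -> bool:
    """Flawed check: only the statement's first keyword decides.

    Anything that wraps DML behind a non-DML leading keyword passes.
    """
    kws = keywords(sql)
    return not kws or kws[0] not in DML_KEYWORDS


def strict_check(sql: str) -> Tuple[bool, str]:
    """Stricter check: any DML keyword anywhere in the text rejects the statement.

    Returns (is_readonly, reason). A real implementation would walk a parser's
    AST instead of tokens; the token scan is shown because it is dependency-free.
    """
    for kw in keywords(sql):
        if kw in DML_KEYWORDS:
            return False, f"DML keyword {kw} found inside statement"
    return True, ""


def strict_is_readonly(sql: str) -> bool:
    return strict_check(sql)[0]


# Constructed sample statements (illustrative only, not from the advisory).
SAMPLES = [
    "SELECT id FROM users WHERE note = 'DELETE me'",                 # harmless
    "INSERT INTO users (name) VALUES ('x')",                        # plain DML
    "WITH w AS (DELETE FROM users RETURNING id) SELECT * FROM w",   # writable CTE
    "SELECT 1; DELETE FROM users",                                  # stacked statement
    "EXPLAIN ANALYZE UPDATE users SET is_admin = true",             # executes the UPDATE
    'SELECT last_update, "delete" FROM audit_log -- UPDATE nothing', # keyword-like noise
]

if __name__ == "__main__":
    for sql in SAMPLES:
        print(f"naive={naive_is_readonly(sql)!s:5} strict={strict_is_readonly(sql)!s:5}  {sql}")
```

Three of the constructed statements pass the naive check while carrying DML, and the keyword-like noise in the last one (a column named last_update, a quoted identifier, a comment) is correctly left alone. Whatever the application-side check looks like, it should not be the only control: a connection that must be read-only should use a PostgreSQL role that has been granted SELECT only, so that DML fails in the database regardless of how the statement is shaped.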

Impact

Successful exploitation allows an authenticated SQLLab user to modify data on a PostgreSQL connection that was configured as read-only, defeating the DML restriction that connection was supposed to enforce.

Remediation

Users are advised to upgrade to Apache Superset version 6.0.0 or later, which addresses this vulnerability. Independently of the upgrade, a connection that must be read-only should be backed by a database role with SELECT-only privileges, so that the restriction is enforced by PostgreSQL itself rather than only by Superset's statement check.

Added: Feb 24, 2026, 3:00 PM
Updated: Feb 24, 2026, 11:03 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 4.8
remediation: 0.0
relevance: 3.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.