CVE-2026-23982

Severity
7.1 HIGH
EPSS
0.0%
top 85.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 24

Description

An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to write datasets and read charts can bypass these checks by overwriting the SQL query of an existing dataset. This issue affects Apache Superset: before 6.0.0. Users are recommended to upgrade to versio

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages: 3 packages

NVD: apache/superset < 6.0.0
PyPI: apache-superset < 6.0.0

🔴 Vulnerability Details (3)

GHSA
Apache Superset Improper Authorization allows low-privileged users to bypass access controls (2026-02-24)
OSV
Apache Superset Improper Authorization allows low-privileged users to bypass access controls (2026-02-24)
CVEList
Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass (2026-02-24)

🕵️ Threat Intelligence (1)
Wiz
CVE-2026-23982 Impact, Exploitability, and Mitigation Steps | Wiz