CVE-2026-23980
EUVD-2026-847424.02.2026, 14:16
Improper Neutralization of Special Elements used in a SQL Command ('SQL Injection') vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters.
This issue affects Apache Superset: before 6.0.0.
Users are recommended to upgrade to version 6.0.0, which fixes the issue.Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apache | superset | 𝑥 < 6.0.0 |
𝑥
= Vulnerable software versions