Security Advisory

CVE-2026-23980

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-24 12:54:09

Last updated 2026-02-24 18:19:36

Assigner apache

State PUBLISHED

Description

Improper Neutralization of Special Elements used in a SQL Command (SQL Injection) vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue affects Apache Superset: before 6.0.0. Users are recommended to upgrade to version 6.0.0, which fixes the issue.

← Browse all CVEs View on cve.org ↗