2026-02-24 12:54:09
apache
PUBLISHED
Improper Neutralization of Special Elements used in a SQL Command (SQL Injection) vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue affects Apache Superset: before 6.0.0. Users are recommended to upgrade to version 6.0.0, which fixes the issue.