This is an automated email from the ASF dual-hosted git repository.
rusackas pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git
The following commit(s) were added to refs/heads/master by this push:
new a410b76f99d docs: add Apache Superset CVEs for February 2026 release
(#38278)
a410b76f99d is described below
commit a410b76f99d3863944de239942ed141f78cacb8d
Author: Shaitan <[email protected]>
AuthorDate: Fri Feb 27 22:46:44 2026 +0000
docs: add Apache Superset CVEs for February 2026 release (#38278)
---
docs/admin_docs/security/cves.mdx | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/docs/admin_docs/security/cves.mdx
b/docs/admin_docs/security/cves.mdx
index 10db1d1aacf..a8c2cbb95c2 100644
--- a/docs/admin_docs/security/cves.mdx
+++ b/docs/admin_docs/security/cves.mdx
@@ -2,6 +2,15 @@
title: CVEs fixed by release
sidebar_position: 2
---
+#### Version 6.0.0
+
+| CVE | Title
| Affected |
+|:---------------|:-----------------------------------------------------------------------------------|---------:|
+| CVE-2026-23980 | Improper Neutralization of Special Elements used in a SQL
Command | < 6.0.0 |
+| CVE-2026-23982 | Improper Authorization in Dataset Creation Allows Access
Control Bypass | < 6.0.0 |
+| CVE-2026-23983 | Information Disclosure of sensitive user info via Tags
| < 6.0.0 |
+| CVE-2026-23984 | SQLLab Read-Only Bypass on PostgreSQL (DML execution)
| < 6.0.0 |
+
#### Version 5.0.0
| CVE | Title
| Affected |
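Review bot: The titles in the new Version 6.0.0 table are cased inconsistently: the CVE-2026-23983 row reads "Information Disclosure of sensitive user info via Tags" while the other three rows use title case, and the CVE-2026-23984 row writes "SQLLab" as one word. Unless these strings are copied verbatim from the CVE records, suggest "Information Disclosure of Sensitive User Info via Tags" and "SQL Lab". All four rows also give `< 6.0.0` as the affected range, so an operator on a 5.x release cannot tell from this table whether any 5.x build carries the fixes. If the fixes are only in 6.0.0, a sentence under the heading saying so would remove the ambiguity.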
@@ -22,6 +31,7 @@ sidebar_position: 2
|:---------------|:-----------------------------------------------------------------------------------|---------:|
| CVE-2025-27696 | Improper authorization leading to resource ownership
takeover | < 4.1.2 |
| CVE-2025-48912 | Improper authorization bypass on row level security via SQL
Injection | < 4.1.2 |
+| CVE-2026-23969 | Exposure of Sensitive Information via Incomplete ClickHouse
Function Filtering | < 4.1.2 |
#### Version 4.1.0
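Review bot: The added CVE-2026-23969 row carries a 2026 id but is placed in the table whose existing rows are CVE-2025 ids with an affected range of `< 4.1.2`, which can read as a misplaced entry. Please confirm the fix shipped in 4.1.2 and that `< 4.1.2` is the intended range. If it is, a short note in the commit message or next to the table explaining that the CVE was assigned after the fixing release would help readers who audit this list against their deployed version.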