docs: add Apache Superset CVEs for February 2026 release (#38278)

2026-04-07 10:31:50 +00:00 · 2026-02-27 22:46:44 +00:00
parent 63f1d9eb98
commit a410b76f99
1 changed files with 10 additions and 0 deletions
--- a/docs/admin_docs/security/cves.mdx
+++ b/docs/admin_docs/security/cves.mdx
@@ -2,6 +2,15 @@
 title: CVEs fixed by release
 sidebar_position: 2
 ---
+#### Version 6.0.0
+
+| CVE            | Title                                                                              | Affected |
+|:---------------|:-----------------------------------------------------------------------------------|---------:|
+| CVE-2026-23980 | Improper Neutralization of Special Elements used in a SQL Command                  |  < 6.0.0 |
+| CVE-2026-23982 | Improper Authorization in Dataset Creation Allows Access Control Bypass            |  < 6.0.0 |
+| CVE-2026-23983 | Information Disclosure of sensitive user info via Tags                             |  < 6.0.0 |
+| CVE-2026-23984 | SQLLab Read-Only Bypass on PostgreSQL (DML execution)                              |  < 6.0.0 |
+
 #### Version 5.0.0

 | CVE            | Title                                                                              | Affected |
@@ -22,6 +31,7 @@ sidebar_position: 2
 |:---------------|:-----------------------------------------------------------------------------------|---------:|
 | CVE-2025-27696 | Improper authorization leading to resource ownership takeover                      |  < 4.1.2 |
 | CVE-2025-48912 | Improper authorization bypass on row level security via SQL Injection              |  < 4.1.2 |
+| CVE-2026-23969 | Exposure of Sensitive Information via Incomplete ClickHouse Function Filtering     |  < 4.1.2 |

 #### Version 4.1.0