Apache Superset: Exposure of Sensitive Information via Incomplete ClickHouse Function Filtering
Description
Apache Superset uses a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines such as PostgreSQL, a vulnerability was reported in which the default list for the ClickHouse engine was incomplete.
This issue affects Apache Superset: before 4.1.2.
Users are recommended to upgrade to version 4.1.2, which fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Apache Superset before 4.1.2 has an incomplete DISALLOWED_SQL_FUNCTIONS default list for ClickHouse, allowing sensitive SQL function execution and information exposure.
Vulnerability Description
Apache Superset provides a security mechanism, DISALLOWED_SQL_FUNCTIONS, to block potentially dangerous SQL functions in SQL Lab and charts. While this dictionary was configured for databases like PostgreSQL, the default list for ClickHouse was incomplete, leaving it possible to execute functions that should have been prohibited [1][3].
Exploitation
An authenticated user with access to SQL Lab or chart querying can use these unblocked ClickHouse functions to extract sensitive information. The attack requires only the ability to write SQL queries against a ClickHouse datasource, which is a standard feature in Superset [3]. No privileges beyond normal query access are needed.
Impact
Successful exploitation can lead to exposure of sensitive data stored in ClickHouse, potentially violating confidentiality requirements. The vulnerability is categorized as an information disclosure issue [1][3].
Mitigation
The vulnerability affects all Apache Superset versions before 4.1.2. Users should upgrade to version 4.1.2, which includes a complete default list of disallowed SQL functions for ClickHouse [1][3].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| apache-superset | PyPI | < 4.1.2 | 4.1.2 |
Affected products
- Apache Software Foundation / Apache Superset (v5), affected range starting at 0.0.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
[1] github.com/advisories/GHSA-48m2-v2r8-h23m (GHSA advisory)
[2] lists.apache.org/thread/2q22sp4oj3krcgdkxchhtht0vgwp2wndghsa (vendor advisory, web)
[3] nvd.nist.gov/vuln/detail/CVE-2026-23969 (NVD advisory)
[4] www.openwall.com/lists/oss-security/2026/02/24/4 (oss-security mailing list, web)