CVE-2026-23980

← CVEs

MED 6.5

Published

2026-02-24

Last Modified

2026-02-25

Affected Apps

Affected Devices

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Improper Neutralization of Special Elements used in a SQL Command ('SQL Injection') vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue affects Apache Superset: before 6.0.0. Users are recommended to upgrade to version 6.0.0, which fixes the issue.

Affected Applications in Environment 4

OpenOffice v4.115.9813

4 devices

OpenOffice v4.114.9811

2 devices

OpenOffice v4.19.9805

1 device

OpenOffice v4.01.9714

1 device

Affected Devices 8

AIS-WORKSTATION Windows AIS2211-01 Windows ATWOOD-453Z1G3 Windows DESKTOP-73GV80U Windows DESKTOP-K1T0JHO Windows DPINFT-L1182P90 Windows DPMATH-194869 Windows DVS-FS1 Windows

References 2

https://lists.apache.org/thread/h4l02zw1pr2vywv0dc5zjn3grdcdhwf4
http://www.openwall.com/lists/oss-security/2026/02/24/5