CVE-2026-23969 Overview
Apache Superset uses a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to block the execution of potentially sensitive SQL functions in SQL Lab and chart queries. The feature shipped with restrictions for engines such as PostgreSQL, but a vulnerability was reported in which the default list for the ClickHouse engine was incomplete. This SQL Injection-related weakness lets authenticated users execute SQL functions that should have been restricted when ClickHouse is the database backend.
Critical Impact
Authenticated users with SQL Lab access can bypass SQL function restrictions on ClickHouse databases, potentially executing sensitive database operations that should be blocked by the security controls.
Affected Products
- Apache Superset versions prior to 4.1.2
- Apache Superset deployments using ClickHouse database engine
- Self-hosted and cloud Apache Superset instances with SQL Lab enabled
Discovery Timeline
- 2026-02-24 - CVE-2026-23969 published to NVD
- 2026-02-26 - Last updated in NVD database
Technical Details for CVE-2026-23969
Vulnerability Analysis
This vulnerability is classified under CWE-89 (SQL Injection) and stems from an incomplete security configuration in Apache Superset's SQL function restriction mechanism. The DISALLOWED_SQL_FUNCTIONS dictionary is designed to prevent users from executing potentially dangerous SQL functions through SQL Lab and chart queries. However, the default configuration for the ClickHouse database engine was found to be incomplete, leaving security gaps that could be exploited by authenticated users.
The vulnerability is network-accessible with low attack complexity and requires only low privileges to exploit. No user interaction is required, making it a concern for organizations that use ClickHouse as their analytical database behind Apache Superset.
Root Cause
The root cause lies in the incomplete default configuration of the DISALLOWED_SQL_FUNCTIONS dictionary for the ClickHouse database engine. While PostgreSQL and other database engines had comprehensive restriction lists, the ClickHouse engine's default blocklist did not include all potentially sensitive SQL functions. This configuration gap allows certain dangerous ClickHouse-specific functions to be executed despite the security control being in place.
Attack Vector
An attacker with authenticated access to Apache Superset's SQL Lab feature can craft SQL queries that utilize ClickHouse-specific functions not included in the default blocklist. Since the attack vector is network-based, any authenticated user with SQL Lab permissions can potentially exploit this vulnerability from a remote location.
The exploitation requires the attacker to identify which sensitive ClickHouse functions are missing from the DISALLOWED_SQL_FUNCTIONS dictionary and then construct SQL queries leveraging those functions to access sensitive data or perform unauthorized operations.
Detection Methods for CVE-2026-23969
Indicators of Compromise
- Unusual SQL queries executed through SQL Lab targeting ClickHouse databases
- Query logs showing execution of ClickHouse-specific system functions that should typically be restricted
- Audit trail entries indicating access to sensitive database metadata or system tables
- Abnormal data export patterns through SQL Lab chart queries
Detection Strategies
- Monitor Apache Superset audit logs for SQL Lab query execution patterns against ClickHouse databases
- Implement database-level query logging on ClickHouse servers to capture all executed SQL statements
- Configure alerting for queries containing known sensitive ClickHouse functions such as system table access functions
- Review user permission assignments to identify accounts with SQL Lab access that may be over-privileged
Monitoring Recommendations
- Enable comprehensive SQL query logging in both Apache Superset and ClickHouse database instances
- Establish baseline behavior patterns for SQL Lab usage and alert on deviations
- Implement real-time monitoring of ClickHouse query execution for sensitive function calls
- Conduct periodic review of DISALLOWED_SQL_FUNCTIONS configuration against ClickHouse function documentation
How to Mitigate CVE-2026-23969
Immediate Actions Required
- Upgrade Apache Superset to version 4.1.2 or later immediately
- Review and audit the current DISALLOWED_SQL_FUNCTIONS configuration for ClickHouse
- Restrict SQL Lab access to only essential users until patching is complete
- Enable enhanced logging on ClickHouse databases connected to Apache Superset
Patch Information
Users are advised to upgrade to Apache Superset version 4.1.2, which fixes this issue by shipping a more comprehensive default list of disallowed SQL functions for the ClickHouse engine. The patch ensures that sensitive ClickHouse-specific functions are blocked by the DISALLOWED_SQL_FUNCTIONS security control.
For additional technical details, refer to the Apache Mailing List Thread and the Openwall OSS-Security Post.
Workarounds
- Manually extend the DISALLOWED_SQL_FUNCTIONS dictionary to include all sensitive ClickHouse functions
- Implement network-level restrictions on ClickHouse database access from the Superset application
- Temporarily disable SQL Lab access for ClickHouse data sources until the patch is applied
- Use database-level permissions to restrict which functions authenticated users can execute
# Configuration example - Review and update superset_config.py
# Add additional ClickHouse functions to the disallowed list
# DISALLOWED_SQL_FUNCTIONS = {
# "clickhouse": ["system.*", "url", "file", "remote", "remoteSecure", ...],
# }
# Restart Apache Superset after configuration changes.
# If the Superset package itself was upgraded, apply database migrations and re-run init before restarting:
superset db upgrade
superset init
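As an added example (not Superset's own code and not taken from the advisory), the following Python models the two controls this page discusses: the pre-execution DISALLOWED_SQL_FUNCTIONS check that the Workarounds section extends, and the query-log review that the Detection Strategies section recommends, both built on one function-call extractor. Assumptions: the ClickHouse blocklist holds only the function names the configuration comment above lists (url, file, remote, remoteSecure); the `system.*` entry in that comment is a table-name pattern rather than a function and is not modelled here; the log rows are constructed JSON lines with `user`, `event_time` and `query` fields, loosely after ClickHouse's system.query_log, not records from any real deployment.

```python
import json
import re

# Engine name -> function names a user query must not call.
# Constructed for this example: the ClickHouse names are the ones the page's
# workaround comment lists; treating that as the complete set is an assumption,
# not a statement about Superset's shipped default.
DISALLOWED_SQL_FUNCTIONS: dict[str, set[str]] = {
    "clickhouse": {"url", "file", "remote", "remoteSecure"},
}

# Comments and string literals are removed before matching, so that a literal
# such as 'remote(' is not reported and a comment between the name and the
# parenthesis (remote/**/(...)) does not hide a real call.
_NOISE = re.compile(
    r"--[^\n]*"                  # line comment
    r"|/\*.*?\*/"                # block comment
    r"|'(?:[^'\\]|\\.|'')*'",    # single-quoted string, with '' and \' escapes
    re.DOTALL,
)
# An identifier followed, modulo whitespace, by an opening parenthesis.
_CALL = re.compile(r"\b([A-Za-z_][A-Za-z0-9_]*)\s*\(")
# Keywords that legitimately precede "(" but are not function calls.
_KEYWORDS = {"select", "from", "where", "in", "and", "or", "not", "exists",
             "values", "as", "on", "join", "union", "with", "by", "limit"}


def extract_function_calls(sql: str) -> set[str]:
    """Lower-cased names of everything the query calls like a function."""
    cleaned = _NOISE.sub(" ", sql)
    return {name.lower() for name in _CALL.findall(cleaned)
            if name.lower() not in _KEYWORDS}


def disallowed_functions_used(engine: str, sql: str) -> list[str]:
    """Blocklisted functions the query calls for this engine, sorted.

    The comparison is case-insensitive on purpose: a blocklist should fail
    closed, so REMOTE(...) is treated like remote(...). An engine with no entry
    in the dictionary gets an empty set, i.e. no restriction at all.
    """
    blocked = {f.lower() for f in DISALLOWED_SQL_FUNCTIONS.get(engine, set())}
    return sorted(extract_function_calls(sql) & blocked)


def scan_query_log(jsonl: str, engine: str = "clickhouse") -> list[dict]:
    """Detection side: report log rows whose query calls a blocklisted function.

    Input is newline-delimited JSON with at least 'user', 'event_time' and
    'query' fields (assumed shape, loosely after ClickHouse's system.query_log).
    """
    findings = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        row = json.loads(line)
        hits = disallowed_functions_used(engine, row.get("query", ""))
        if hits:
            findings.append({"user": row.get("user"),
                             "event_time": row.get("event_time"),
                             "functions": hits})
    return findings


# Constructed sample rows, not captured from any real deployment.
SAMPLE_QUERY_LOG = "\n".join(json.dumps(r) for r in [
    {"event_time": "2026-02-25 10:00:01", "user": "analyst",
     "query": "SELECT count() FROM sales WHERE region = 'EMEA'"},
    {"event_time": "2026-02-25 10:00:07", "user": "analyst",
     "query": "SELECT 'remote(' AS note, toString(1)"},   # literal only: benign
    {"event_time": "2026-02-25 10:01:13", "user": "contractor",
     "query": "SELECT * FROM remote('host.example:9000', 'db', 't')"},
    {"event_time": "2026-02-25 10:02:40", "user": "contractor",
     "query": "SELECT * FROM URL /* c */ ('http://host.example/x.csv', 'CSV')"},
])

if __name__ == "__main__":
    for finding in scan_query_log(SAMPLE_QUERY_LOG):
        print(finding)
```

Two design points carry over to a real deployment. The dictionary lookup returns an empty set for any engine that has no key, so an absent engine is as unrestricted as an incomplete entry; the periodic review this page recommends should check both that every connected engine has a key and that its set is complete. And because the same extractor drives both the pre-execution check and the log scan, a query that slips past the former is at least caught by the latter when the blocklist is later extended and the scan is re-run over retained logs.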
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


