PYSEC-2026-1172

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/apache-superset/PYSEC-2026-1172.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1172
Aliases
Published
2026-07-07T11:45:23.202958Z
Modified
2026-07-07T17:56:10.326542777Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Apache Superset may expose internal traces on REST API endpoints
Details

By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.

References

Affected packages

PyPI / apache-superset

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.1

Affected versions

0.*
0.34.0
0.34.1
0.35.1
0.35.2
0.36.0
0.37.0
0.37.1
0.37.2
0.38.0
0.38.1
1.*
1.0.0
1.0.1
1.1.0
1.2.0
1.3.0
1.3.1
1.3.2
1.4.0
1.4.1
1.4.2
1.5.0
1.5.1
1.5.2
1.5.3
2.*
2.0.0
2.0.1
2.1.0
2.1.1rc1
2.1.1rc2
2.1.1rc3

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/apache-superset/PYSEC-2026-1172.yaml"