Anonymous Intelligence Signal

Critical SSTI Vulnerability Discovered in Apache Superset: Authenticated Users Can Execute Arbitrary Server Code

Author: The Lab (unverified) | 2026-04-28 23:54:08 | Source: GitHub Issues

A critical Server-Side Template Injection (SSTI) vulnerability has been identified in Apache Superset, the widely deployed open-source data exploration and visualization platform. The flaw resides in `superset/jinja_context.py` within the `get_template_processor` and `process_template` functions, where user-supplied input from chart description and metric label fields is passed directly to Jinja2's `render_template_string()` without sandboxing. An authenticated attacker can exploit this to execute arbitrary Python code on the underlying server, effectively gaining full remote code execution capabilities.

The vulnerability enables a straightforward attack chain. A logged-in user navigates to chart editing, injects a Jinja2 payload into the description field—such as `{{ config.__class__.__init__.__globals__['os'].popen('id').read() }}`—then saves and loads the chart. The template engine processes the payload, executing the embedded command and rendering output directly in the UI. Authentication requirements limit the attack surface to platform users, but the consequences of successful exploitation are severe in any environment where Superset handles sensitive data or connects to internal systems.

Security researchers recommend three remediation paths: replacing `render_template_string` with Jinja2's `SandboxedEnvironment` to enforce strict template security boundaries, implementing a whitelist of permitted template variables so that sensitive globals are never in scope, and adding input validation to reject template syntax characters like `{{` in fields that are not meant to be templates. The vulnerability is technically related to CVE-2023-27524, an earlier Flask SECRET_KEY issue in Superset that exposed session data. Organizations running Superset instances should prioritize patching, restrict user permissions where immediate updates are infeasible, and audit existing chart descriptions and metric labels for template syntax that does not belong there.
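The three mitigations side by side with the flawed pattern, as an added example written for this note rather than code from Superset or the reporter. `Config`, `ALLOWED_VARS`, and the function names are assumptions; the probe is the advisory's payload trimmed to resolve the `os` module instead of running a command, and the unsandboxed `Environment` stands in for Flask's `render_template_string`.

```python
import os  # imported so this module's globals hold `os`, as Flask's config module does
import re

from jinja2 import Environment
from jinja2.sandbox import SandboxedEnvironment, SecurityError


class Config(dict):
    """Constructed stand-in for Flask's `config`: a Python-defined dict subclass,
    so `Config.__init__.__globals__` is this module's namespace."""

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)


CONFIG = Config(APP_NAME="superset-demo")
# The advisory's probe, trimmed to resolve the `os` module rather than run a command.
PROBE = "{{ config.__class__.__init__.__globals__['os'].__name__ }}"

TEMPLATE_SYNTAX = re.compile(r"\{\{|\{%|\{#")
ALLOWED_VARS = {"app_name", "dashboard_title"}  # assumed whitelist for template-capable fields


def render_unsafe(src: str) -> str:
    """Mirrors the reported flaw: untrusted text fed to an unsandboxed engine."""
    return Environment().from_string(src).render(config=CONFIG)


def validate_plain_field(value: str) -> str:
    """Mitigation 3: a chart description or metric label is never a template."""
    if TEMPLATE_SYNTAX.search(value):
        raise ValueError("template syntax is not permitted in this field")
    return value


def render_hardened(src: str, **ctx) -> str:
    """Mitigations 1 and 2: sandboxed engine, with only allowlisted names in scope.
    Attribute walks through names such as `__class__` raise SecurityError."""
    exposed = {k: v for k, v in ctx.items() if k in ALLOWED_VARS}
    env = SandboxedEnvironment(autoescape=True)
    return env.from_string(src).render(**exposed)


if __name__ == "__main__":
    print("unsafe render resolves:", render_unsafe(PROBE))
    print("plain field accepted:", validate_plain_field("Monthly revenue"))
    try:
        render_hardened(PROBE, config=CONFIG)
    except SecurityError as exc:
        print("sandbox blocked:", exc)
```

Log the `SecurityError` (with the user and chart id) wherever it is caught; a blocked attempt is the detection signal for the audit the advisory recommends.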