Apache Superset SQLLab Flaw Bypasses Read-Only Query Validation on Postgres Databases
A critical Improper Authorization vulnerability in Apache Superset's SQLLab feature allows authenticated users to execute write operations on Postgres analytic databases that should be restricted to read-only access. The flaw stems from improper validation of SQL DML statements: a specially crafted statement is misclassified as a read-only query, so SQLLab's own check lets it run. This exposes organizations to unauthorized data manipulation on any Postgres connection whose database user is not itself restricted to read-only access.
The vulnerability specifically affects Postgres analytic database connections within SQLLab. By constructing specially designed SQL DML statements, an attacker with valid SQLLab access can circumvent the read-only validation mechanism. Non-Postgres analytics database connections remain unaffected by this flaw, as the vulnerability is isolated to how Superset processes read-only checks for Postgres connections. The issue affects Apache Superset versions prior to 4.1.0, and users are recommended to upgrade immediately.
Security teams should prioritize patching to version 4.1.0, which addresses this authorization bypass. For organizations unable to upgrade immediately, configuring Postgres analytics database connections with a readonly user provides an effective defense-in-depth measure against exploitation. The attack requires authenticated SQLLab access, meaning the primary risk vector involves compromised accounts or insider threats within environments where SQLLab is enabled.
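As a concrete form of the readonly-user mitigation recommended above, here is an added example (not from the advisory or the Superset project) of provisioning a least-privilege Postgres role for the SQLLab connection; the database name `analytics`, schema `public`, role `superset_ro` and the table used in the verification step are assumed.

```sql
-- Assumed names: database "analytics", schema "public", role "superset_ro".
-- Run as a superuser or the database owner.

-- 1. A dedicated login role for the Superset connection.
CREATE ROLE superset_ro LOGIN PASSWORD 'replace-with-a-generated-secret';

-- 2. Make every session read-only by default. This is a convenience layer,
--    not a security boundary: a session can still run
--    "SET transaction_read_only = off", so the GRANT/REVOKE below is the
--    control that actually matters.
ALTER ROLE superset_ro SET default_transaction_read_only = on;

-- 3. Privileges: connect, see the schema, read existing tables, and read
--    tables created later by the owning role. No INSERT/UPDATE/DELETE,
--    no DDL.
GRANT CONNECT ON DATABASE analytics TO superset_ro;
GRANT USAGE ON SCHEMA public TO superset_ro;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO superset_ro;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO superset_ro;

-- 4. Close the historical loophole where PUBLIC may create objects in
--    the public schema (the default before PostgreSQL 15).
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 5. Verification, run as superset_ro (e.g. psql -U superset_ro -d analytics).
--    "orders" is an assumed table name.
SELECT current_user, current_setting('transaction_read_only');
--  expected: superset_ro | on
SELECT count(*) FROM public.orders;            -- succeeds
UPDATE public.orders SET status = 'x';         -- fails: permission denied
SET transaction_read_only = off;
UPDATE public.orders SET status = 'x';         -- still fails: no UPDATE grant
```

Point the Superset database connection at this role so that any DML statement SQLLab mistakenly classifies as read-only is rejected by Postgres itself.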