1. MCP JWT Authentication Flaw in Apache Superset Enables Account Takeover via Claim Manipulation
A critical authentication bypass vulnerability has been identified in the Model Context Protocol (MCP) service implementation within Apache Superset, allowing federated attackers to authenticate as any user—including administrative accounts—by exploiting how JWT claims are resolved during login. The flaw resides in `s...