1. Authorization Flaw in Apache Superset Allowed Lower-Privilege Users to Create Roles
A critical improper authorization vulnerability in Apache Superset enabled lower-privilege users to create roles when the FAB_ADD_SECURITY_API feature flag was activated. The flaw, documented in the project's security advisories, allowed authenticated users with restricted permissions to bypass intended access controls...