CVE-2023-27524 · CISA KEV · EPSS p99.9%

CVE-2023-27524: Apache Superset Insecure Default Initialization of Resource Vulnerability

Apache / Superset

Description

Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altered the default configured SECRET_KEY according to installation instructions.

Scoring

EPSS: 97.41% probability of exploitation · percentile 99.9% · 2026-06-18T12:00:27Z

CISA KEV entry

Added to KEV: 2024-01-08

(incoming) · 1

Type | Target | Confidence | Tier
KEVEntry | Apache Superset Insecure Default Initialization of Resource Vulnerability (kev-cve-2023-27524) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-27696
CVE: Apache CouchDB Insecure Default Initialization of Resource Vulnerability
CVE: Apache HugeGraph-Server Improper Access Control Vulnerability
CVE: Atlassian Confluence Data Center and Server Improper Authorization Vulnerability
CVE: Atlassian Confluence Data Center and Server Broken Access Control Vulnerability
CVE: Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.