PT-2026-24689

🗓️ 11 Mar 2026 00:00:00Reported by Positive TechnologiesType

Parse Server pre nine point six alpha six and eight point six thirty two bypasses protected fields via dot notation, enabling value enumeration.

Reporter	Title	Published	Views	Family All 16
ATTACKERKB	CVE-2026-31872	11 Mar 202618:02	–	attackerkb
CNNVD	Parse Server 访问控制错误漏洞	11 Mar 202600:00	–	cnnvd
CVE	CVE-2026-31872	11 Mar 202618:02	–	cve
Cvelist	CVE-2026-31872 Parse Server has a protected fields bypass via dot-notation in query and sort	11 Mar 202618:02	–	cvelist
EUVD	EUVD-2026-11279	11 Mar 202600:34	–	euvd
Github Security Blog	Parse Server has a protected fields bypass via dot-notation in query and sort	11 Mar 202600:34	–	github
NVD	CVE-2026-31872	11 Mar 202618:16	–	nvd
OSV	BIT-PARSE-2026-31872 Parse Server has a protected fields bypass via dot-notation in query and sort	13 Mar 202612:28	–	osv
OSV	CVE-2026-31872 Parse Server has a protected fields bypass via dot-notation in query and sort	11 Mar 202618:02	–	osv
OSV	GHSA-R2M8-PXM9-9C4G Parse Server has a protected fields bypass via dot-notation in query and sort	11 Mar 202600:34	–	osv

Source	Link
osv	www.osv.dev/vulnerability/CVE-2026-31872
osv	www.osv.dev/vulnerability/BIT-parse-2026-31872
reddit	www.reddit.com/r/VulnMatter/comments/1rqu37b/resumen_diario_de_vulnerabilidades_11032026
github	www.github.com/parse-community/parse-server
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31872.json
twitter	www.twitter.com/CVEnew/status/2031992392526835783
github	www.github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.6
github	www.github.com/parse-community/parse-server/security/advisories/GHSA-r2m8-pxm9-9c4g
osv	www.osv.dev/vulnerability/GHSA-r2m8-pxm9-9c4g
github	www.github.com/parse-community/parse-server/releases/tag/8.6.32

13 Mar 2026 00:00Current

5.8Medium risk

Vulners AI Score5.8

CVSS 48.7

EPSS0.00049

SSVC