BIT-PARSE-2026-30972 Parse Server has a rate limit bypass via batch request endpoint

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior o 9.5.2 and 8.6.23, Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint /batch processes sub-requests internally by routing...

CVE-2026-30972

Parse Server is vulnerable due to the batch endpoint (/batch) bypassing Express middleware, including rate limiting, allowing a single request to bundle multiple sub-requests targeting rate-limited endpoints. This affects deployments that rely on the built-in rate limiting feature prior to versio...

CVE-2026-30972 Parse Server has a rate limit bypass via batch request endpoint

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior o 9.5.2-alpha.10 and 8.6.23, Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint /batch processes sub-requests internally by...

CVE-2026-30972

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior o 9.5.2-alpha.10 and 8.6.23, Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint /batch processes sub-requests internally by...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 9.5.2-alpha.10 and 8.6.23. These vulnerabilities stemmed from the batch request endpoint...