Lucene search
K

5 matches found

OSV
OSV
added 2026/03/12 2:48 p.m.2 views

BIT-PARSE-2026-31800 Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2 and 8.6.25, the GraphQLConfig and Audience internal classes can be read, modified, and deleted via the generic /classes/GraphQLConfig and /classes/Audience REST API routes withou...

9.1CVSS5.8AI score0.00335EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/10 8:51 p.m.2 views

CVE-2026-31800 Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.12 and 8.6.25, the GraphQLConfig and Audience internal classes can be read, modified, and deleted via the generic /classes/GraphQLConfig and /classes/Audience REST API rout...

8.8CVSS5.8AI score0.00335EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/10 8:51 p.m.26 views

CVE-2026-31800 Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.12 and 8.6.25, the GraphQLConfig and Audience internal classes can be read, modified, and deleted via the generic /classes/GraphQLConfig and /classes/Audience REST API rout...

8.8CVSS0.00335EPSS
Exploits0References3
CVE
CVE
added 2026/03/10 8:51 p.m.13 views

CVE-2026-31800

Parse Server (Node.js) vulerable prior to 9.5.2-alpha.12 and 8.6.25 where internal classes _GraphQLConfig and _Audience can be read, modified, or deleted via the generic /classes/_GraphQLConfig and /classes/_Audience routes without master key authentication. This bypasses the master key enforceme...

9.1CVSS5.8AI score0.00335EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/10 8:51 p.m.4 views

CVE-2026-31800 Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.12 and 8.6.25, the GraphQLConfig and Audience internal classes can be read, modified, and deleted via the generic /classes/GraphQLConfig and /classes/Audience REST API rout...

8.8CVSS5.8AI score0.00335EPSS
Exploits0References5
Rows per page
Query Builder