CVE-2026-33323

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.51 and 9.6.0-alpha.40, the Pages route and legacy PublicAPI route for resending email verification links return distinguishable responses depending on whether the provided...

CVE-2026-33323

Summary (CVE-2026-33323): Parse Server exposes an information disclosure vulnerability in the Pages and legacy PublicAPI routes used to resend email verification links. Before versions 8.6.51 and 9.6.0-alpha.40, these endpoints leak whether a given username exists and has an unverified email by r...

CVE-2026-33323 Parse Server: Email verification resend page leaks user existence

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.51 and 9.6.0-alpha.40, the Pages route and legacy PublicAPI route for resending email verification links return distinguishable responses depending on whether the provided...

Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.51 and 9.6.0-alpha.40. These vulnerabilities stemmed from the re-rendering of email...