CVE-2026-33539
Parse Server SQL injection vulnerability in PostgreSQL adapter (CVE-2026-33539). An attacker with master key access can inject SQL metacharacters into field name parameters of the aggregate $group stage or the distinct operation, enabling arbitrary SQL execution on PostgreSQL and privilege escala...