CVE-2026-27610 Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the ConfigKeyCache uses the same cache key for both master key and read-only master key when resolving function-typed keys. Under specific timing conditions, a read-only use...

CVE-2026-27609 Parse Dashboard Missing CSRF Protection on Agent Endpoint

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submit...

CVE-2026-27609 Parse Dashboard Missing CSRF Protection on Agent Endpoint

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submit...

CVE-2026-27609

Technical details beyond the initial description are not provided in the connected documents. Monitor for updates on affected versions and remediation for CVE-2026-27609.

CVE-2026-27609 Parse Dashboard Missing CSRF Protection on Agent Endpoint

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submit...

CVE-2026-27609

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submit...

CVE-2026-27608

Parse Dashboard vulnerability CVE-2026-27608 affects versions 7.3.0-alpha.42 through 9.0.0-alpha.7 where the AI Agent API (POST /apps/:appId/agent) lacks authorization, allowing authenticated users scoped to one app to access another app’s endpoint by changing the appId. Read-only users can recei...

CVE-2026-27608 Parse Dashboard Missing Authorization on Agent Endpoint

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent does not enforce authorization. Authenticated users scoped to specific apps can access any other app's agent endpoint by...

CVE-2026-27608 Parse Dashboard Missing Authorization on Agent Endpoint

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent does not enforce authorization. Authenticated users scoped to specific apps can access any other app's agent endpoint by...

CVE-2026-27608 Parse Dashboard Missing Authorization on Agent Endpoint

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent does not enforce authorization. Authenticated users scoped to specific apps can access any other app's agent endpoint by...

CVE-2026-27608

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent does not enforce authorization. Authenticated users scoped to specific apps can access any other app's agent endpoint by...

OSV-2026-307 Global-buffer-overflow in navcom_parse

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=486709178 Crash type: Global-buffer-overflow READ 1 Crash state: navcomparse gpsdpoll FuzzDrivers.c...

Parse Dashboard 跨站请求伪造漏洞

Parse Dashboard is an dashboard tool open source by the Parse Platform. Versions of Parse Dashboard from 7.3.0-alpha.42 to 9.0.0-alpha.7 have a cross-site request forgeing vulnerability. This vulnerability stems from the lack of CSRF protection on the AI Agent API endpoints, which may allow...

PT-2026-22056

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.3 Parse Server versions prior to 9.1.1-alpha.4 Description Parse Server is susceptible to a security issue where an unauthenticated attacker can create a forged Google authentication token using alg: "none" t...

PT-2026-21837

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submit...

Parse Dashboard 安全漏洞

Parse Dashboard is an dashboard tool open source by the Parse Platform. Versions of Parse Dashboard from 7.3.0-alpha.42 to 9.0.0-alpha.7 have security vulnerabilities. These vulnerabilities stem from the lack of enforcement of authorization for the AI Agent API endpoints, which may allow...

PT-2026-21833

Name of the Vulnerable Software and Affected Versions Parse Dashboard versions 7.3.0-alpha.42 through 9.0.0-alpha.7 Description Parse Dashboard, a standalone dashboard for managing Parse Server apps, contains security issues in the AI Agent API endpoint /apps/:appId/agent. Versions 7.3.0-alpha.42...

Parse Dashboard 访问控制错误漏洞

Parse Dashboard is an dashboard tool open source by the Parse Platform. Versions of Parse Dashboard from 7.3.0-alpha.42 to 9.0.0-alpha.7 contain access control vulnerability issues. This vulnerability stems from multiple security vulnerabilities in the AI Agent API endpoints, which may allow...

Parse Dashboard 安全漏洞

Parse Dashboard is an dashboard tool open source by the Parse Platform. Versions of Parse Dashboard from 7.3.0-alpha.42 to 9.0.0-alpha.7 have security vulnerabilities. These vulnerabilities stem from ConfigKeyCache using the same cache keys for both master keys and read-only master keys, which ma...

PT-2026-21836

Name of the Vulnerable Software and Affected Versions Parse Dashboard versions 7.3.0-alpha.42 through 9.0.0-alpha.7 Description Parse Dashboard, a standalone dashboard for managing Parse Server apps, contains an issue where the AI Agent API endpoint POST /apps/:appId lacks proper authorization...