3 matches found
CVE-2026-33409
Parse Server suffers an authentication bypass on login via partial authData. Affected versions are before 8.6.52 and 9.6.0-alpha.41, where an attacker can log in as a user linked to a third‑party provider if allowExpiredAuthDataToken is true. The attacker only needs the user’s provider ID, gainin...
CVE-2026-33409 Parse Server: Auth provider validation bypass on login via partial authData
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.52 and 9.6.0-alpha.41, an authentication bypass vulnerability allows an attacker to log in as any user who has linked a third-party authentication provider, without knowin...
CVE-2026-33409 Parse Server: Auth provider validation bypass on login via partial authData
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.52 and 9.6.0-alpha.41, an authentication bypass vulnerability allows an attacker to log in as any user who has linked a third-party authentication provider, without knowin...