GHSA-JHP4-JVQ3-W5XR Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions

Impact The ConfigKeyCache uses the same cache key for both master key and read-only master key when resolving function-typed keys. Under specific timing conditions, a read-only user can receive the cached full master key, or a regular user can receive the cached read-only master key. Patches The...

CVE-2026-27610 Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the ConfigKeyCache uses the same cache key for both master key and read-only master key when resolving function-typed keys. Under specific timing conditions, a read-only use...

CVE-2026-27610

In Parse Dashboard, versions 7.3.0-alpha.42 through 9.0.0-alpha.7 have a vulnerability where the ConfigKeyCache uses the same cache key for both the master key and the read-only master key when resolving function-typed keys. Under specific timing conditions, this can allow a read-only user to obt...

CVE-2026-27610 Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the ConfigKeyCache uses the same cache key for both master key and read-only master key when resolving function-typed keys. Under specific timing conditions, a read-only use...