Cross-site Request Forgery (CSRF)

Overview parse-dashboard is a The Parse Dashboard for Parse Server Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the agent endpoint. An attacker can perform unauthorized actions on behalf of an authenticated user by tricking them into visiting a malicious...

GHSA-3534-XP88-25RC Parse Dashboard is Missing CSRF Protection for its Agent Endpoint

Impact The AI Agent API endpoint POST /apps/:appId/agent lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submits requests to the agent endpoint using the victim's session. Patches The fix adds CSRF middleware to the agent endpoi...

Parse Dashboard is Missing CSRF Protection for its Agent Endpoint

Impact The AI Agent API endpoint POST /apps/:appId/agent lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submits requests to the agent endpoint using the victim's session. Patches The fix adds CSRF middleware to the agent endpoi...

GHSA-CVWJ-6C9H-JG6V Parse Dashboard is Missing Authorization for its Agent Endpoint

Impact The AI Agent API endpoint POST /apps/:appId/agent does not enforce authorization. Authenticated users scoped to specific apps can access any other app's agent endpoint by changing the app ID in the URL. Read-only users are given the full master key instead of the read-only master key and c...

Missing Authorization

Overview parse-dashboard is a The Parse Dashboard for Parse Server Affected versions of this package are vulnerable to Missing Authorization via the agent endpoint. An attacker can gain unauthorized access to other applications' agent endpoints and escalate privileges by modifying the app ID in t...

EUVD-2026-8595

Parse Dashboard has incomplete authentication on AI Agent endpoint...

CVE-2026-27609

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submit...

CVE-2026-27608

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent does not enforce authorization. Authenticated users scoped to specific apps can access any other app's agent endpoint by...

CVE-2026-27595 Parse Dashboard has incomplete authentication on AI Agent endpoint

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent has multiple security vulnerabilities that, when chained, allow unauthenticated remote attackers to perform arbitrary read...

CVE-2026-27610 Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the ConfigKeyCache uses the same cache key for both master key and read-only master key when resolving function-typed keys. Under specific timing conditions, a read-only use...

CVE-2026-27609 Parse Dashboard Missing CSRF Protection on Agent Endpoint

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submit...

CVE-2026-27609 Parse Dashboard Missing CSRF Protection on Agent Endpoint

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submit...

CVE-2026-27609 Parse Dashboard Missing CSRF Protection on Agent Endpoint

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submit...

CVE-2026-27609

Technical details beyond the initial description are not provided in the connected documents. Monitor for updates on affected versions and remediation for CVE-2026-27609.

CVE-2026-27609

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submit...

CVE-2026-27608

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent does not enforce authorization. Authenticated users scoped to specific apps can access any other app's agent endpoint by...

CVE-2026-27608 Parse Dashboard Missing Authorization on Agent Endpoint

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent does not enforce authorization. Authenticated users scoped to specific apps can access any other app's agent endpoint by...

PT-2026-21833

Name of the Vulnerable Software and Affected Versions Parse Dashboard versions 7.3.0-alpha.42 through 9.0.0-alpha.7 Description Parse Dashboard, a standalone dashboard for managing Parse Server apps, contains security issues in the AI Agent API endpoint /apps/:appId/agent. Versions 7.3.0-alpha.42...

CVE-2023-0002

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent...