Vulnerability-Lookup

FKIE_CVE-2026-27595

Vulnerability from fkie_nvd - Published: 2026-02-25 03:16 - Updated: 2026-02-27 19:18

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (POST `/apps/:appId/agent`) has multiple security vulnerabilities that, when chained, allow unauthenticated remote attackers to perform arbitrary read and write operations against any connected Parse Server database using the master key. The agent feature is opt-in; dashboards without an agent config are not affected. The fix in version 9.0.0-alpha.8 adds authentication, CSRF validation, and per-app authorization middleware to the agent endpoint. Read-only users are restricted to the `readOnlyMasterKey` with write permissions stripped server-side. A cache key collision between master key and read-only master key was also corrected. As a workaround, remove or comment out the agent configuration block from your Parse Dashboard configuration.

References

	URL	Tags
	security-advisories@github.com	https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8	Release Notes
	security-advisories@github.com	https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-qwc3-h9mg-4582	Vendor Advisory

Impacted products

Vendor	Product	Version
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.4.0
parseplatform	parse_dashboard	7.4.0
parseplatform	parse_dashboard	7.4.0
parseplatform	parse_dashboard	7.4.0
parseplatform	parse_dashboard	7.4.0
parseplatform	parse_dashboard	7.5.0
parseplatform	parse_dashboard	7.5.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.1
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.4.0
parseplatform	parse_dashboard	8.4.1
parseplatform	parse_dashboard	8.4.1
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.42:*:*:*:node.js:*:*",
              "matchCriteriaId": "D4744D8A-C870-492A-AD66-D6CB083CD7A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.43:*:*:*:node.js:*:*",
              "matchCriteriaId": "23F5E70B-99F7-46FE-A13B-D2B9B9BFDF05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.44:*:*:*:node.js:*:*",
              "matchCriteriaId": "6F3FE9CD-0F0B-4AB8-BB42-04B23C1DEF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "1F87B033-9ADD-4DBB-BC6C-A3EBE7502CF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "F5263840-349D-42E1-BAB1-AB6826B588B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "640870FE-F70F-401D-A749-3CD0EF66A436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.8:*:*:*:node.js:*:*",
              "matchCriteriaId": "64F0B732-1E46-4B86-BDC0-4F1025989DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.9:*:*:*:node.js:*:*",
              "matchCriteriaId": "3427EA35-6D06-4D44-B4E0-63F36908D506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "87F8BED8-AA0B-4BB4-817A-ECF3581DB66B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "306508B1-2E2A-4A76-A67C-1F8A15D5EC7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "AA055428-E398-4766-9C08-66D2113CE7EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "9CC5FAB0-7046-40B0-842D-138BD8CC8B28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "AF1A1FFC-9FE6-4596-9377-8A410517748D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.5.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "638E5B8B-F2F1-47AC-AD0D-7AD7835CB6CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.5.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "8AC5C34F-1B61-4A65-811E-5CC7DBFF4FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "F95EFF10-2977-4330-B2AB-9E0A1038AB6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.10:*:*:*:node.js:*:*",
              "matchCriteriaId": "8A3B3D71-CD51-41C4-A756-F741FC9A17AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.11:*:*:*:node.js:*:*",
              "matchCriteriaId": "46A42216-C604-4CFF-A7D5-0E2EBB253F70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.12:*:*:*:node.js:*:*",
              "matchCriteriaId": "233F7D1F-C707-45D6-BF37-EF196A1CA655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.13:*:*:*:node.js:*:*",
              "matchCriteriaId": "27EBFA6E-9582-49F4-A62D-B9B39F873D5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "4D211D67-C766-4FE0-A050-688DCC4E4137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "CC066843-6A98-4B8B-B679-D8A229D0F1CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "35336E10-BC3C-4B0E-9AF0-66B44A7EEF53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "19F7A05A-4E95-4637-B4E9-23CB9A4C2E24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "9D5A6432-BA21-4AE7-A6D3-5B711B961B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "28C73478-4D60-48A2-8A43-9005B222792C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.8:*:*:*:node.js:*:*",
              "matchCriteriaId": "F01C2CA5-BB6D-465F-9B3E-D9DCC04DAF53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.9:*:*:*:node.js:*:*",
              "matchCriteriaId": "EAF9B9F4-B53F-4A07-B99D-C61FEDD09C3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "799C425B-06A3-4E3E-AC7F-67B7DE9974B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "635D4195-A97E-4536-9C69-C5E3EC3D206C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "76266618-3291-42B8-ABF9-3161C9A2A335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "798C040F-8F99-4460-B37D-335DF063442B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "B7C33A71-E752-43D4-A164-740750ABD096",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "F580DE3E-263A-4503-8B06-08C5FF1AC4A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "E4B5D579-9F10-4EE2-975C-760D7945C781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.10:*:*:*:node.js:*:*",
              "matchCriteriaId": "F2B34014-7733-4630-9AEA-85433E95F9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.11:*:*:*:node.js:*:*",
              "matchCriteriaId": "10BBA4C5-F9BB-4D5A-A1BE-EC99FFEA2D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.12:*:*:*:node.js:*:*",
              "matchCriteriaId": "C14764E6-2751-4507-8FBF-ABBB95B73C49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.13:*:*:*:node.js:*:*",
              "matchCriteriaId": "EA5558A0-D654-47AF-A661-21B15CC5374D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "ACD4CD5D-B16D-4C15-8055-A6EE5C96F389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "77E011B6-E73B-4CD7-AED3-E8F293907769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "DF030EED-A04A-4294-89BE-D67981373CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "5C610597-192B-436C-B773-3578EE1135EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "596F09DA-7A82-4A49-BA5F-A3457D5D1895",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "AC8D2A19-26A2-43EA-874D-0AECECF38F0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.8:*:*:*:node.js:*:*",
              "matchCriteriaId": "61E484CB-FE4E-446A-9E4A-7D7FBB90D5A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.9:*:*:*:node.js:*:*",
              "matchCriteriaId": "EEFB299E-5AE8-4BC7-AE41-9861C3C6E5D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.1:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "F2BAFB77-61AB-4590-91A5-E6006CCFD60F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "250C3970-411A-45CA-A0F1-3336979795D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.10:*:*:*:node.js:*:*",
              "matchCriteriaId": "DE488750-1330-43A2-97DE-3D3BF1E808EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.11:*:*:*:node.js:*:*",
              "matchCriteriaId": "E95F30F2-0AC8-4A22-AA66-DB80325EBA75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.12:*:*:*:node.js:*:*",
              "matchCriteriaId": "AE191589-6E7C-4634-A9D8-1B1E7F8343DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.13:*:*:*:node.js:*:*",
              "matchCriteriaId": "860229EC-16ED-439A-A34E-5D3F85FFDCC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.14:*:*:*:node.js:*:*",
              "matchCriteriaId": "E4F3001C-E518-479B-8A57-E34FFFAA4FA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.15:*:*:*:node.js:*:*",
              "matchCriteriaId": "A73F6299-1A0C-4A73-89C8-48885E11F65C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.16:*:*:*:node.js:*:*",
              "matchCriteriaId": "C71D6779-24D2-4AF0-BEF1-FE99BC95BB26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.17:*:*:*:node.js:*:*",
              "matchCriteriaId": "EC64EC9A-F109-4BBE-935A-CFD7DC8DB2C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.18:*:*:*:node.js:*:*",
              "matchCriteriaId": "6F2CDBCA-5552-42BE-8DC8-4741679971D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.19:*:*:*:node.js:*:*",
              "matchCriteriaId": "80D51A30-78E8-40DE-809D-9FF619A23158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "C1791CCB-E96B-465C-B57B-C7B97A437642",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.20:*:*:*:node.js:*:*",
              "matchCriteriaId": "DA617937-2E8B-4955-BD27-65C3CC4013B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.21:*:*:*:node.js:*:*",
              "matchCriteriaId": "1307D569-70FD-4253-A14C-29F3CDA35EF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.22:*:*:*:node.js:*:*",
              "matchCriteriaId": "DFA69B19-9A2C-40F9-88F4-B43389B6A56D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.23:*:*:*:node.js:*:*",
              "matchCriteriaId": "FBC724FF-FDE9-440B-8CC2-AF210114CF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.24:*:*:*:node.js:*:*",
              "matchCriteriaId": "BA0E1A98-C42C-43BC-B409-25F033677BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.25:*:*:*:node.js:*:*",
              "matchCriteriaId": "1133B673-D917-4919-9F6B-A11E9C86BCAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.26:*:*:*:node.js:*:*",
              "matchCriteriaId": "EC9747A1-F2E5-4973-B56C-B6E0A42024BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.27:*:*:*:node.js:*:*",
              "matchCriteriaId": "91951F15-C571-42C1-897A-B3D3C2B70A51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "1292ACFD-4CA4-4F7E-B7DB-8B3CA85C5B84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "2C6E2816-60F8-4297-B3C7-3EFA2C3BDD1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "2A7E1989-6E7F-4700-B779-7E39CB695E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "EC4E8293-59A7-4F47-B2F5-2F950B93E16A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "BBA14C23-4DBF-47C8-8FB3-9233C54247BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.8:*:*:*:node.js:*:*",
              "matchCriteriaId": "DE07DB4E-85AB-4495-B81D-2478E1CD0FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.9:*:*:*:node.js:*:*",
              "matchCriteriaId": "F4260AB5-24D7-4D6C-B55F-3129BDDBEF8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "7A4300AF-10D6-4E09-B6DF-B28144F8E024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.10:*:*:*:node.js:*:*",
              "matchCriteriaId": "C11B2FEB-7617-49DA-AB18-CA2F37367480",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.11:*:*:*:node.js:*:*",
              "matchCriteriaId": "B606D916-B540-465A-946B-2FEBF2850916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.12:*:*:*:node.js:*:*",
              "matchCriteriaId": "FCE2860A-1826-4A8B-A66F-D11733F9103D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.13:*:*:*:node.js:*:*",
              "matchCriteriaId": "E84297DB-5816-4FA5-8696-204CAF1BEF6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.14:*:*:*:node.js:*:*",
              "matchCriteriaId": "C9219C64-059A-4A3E-8836-AAD56D40CEEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.15:*:*:*:node.js:*:*",
              "matchCriteriaId": "57353E36-EFA9-402B-AFF5-AFADACCEE6E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.16:*:*:*:node.js:*:*",
              "matchCriteriaId": "57CFDD8F-7705-43EC-938C-100A750BF6A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.17:*:*:*:node.js:*:*",
              "matchCriteriaId": "9330CE70-6112-4194-81FF-B58A073447EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.18:*:*:*:node.js:*:*",
              "matchCriteriaId": "D6EC7E97-76CE-4749-BDF9-409C3C5D5836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.19:*:*:*:node.js:*:*",
              "matchCriteriaId": "A555D06A-B5B1-4ADB-B920-F7509691DC07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "7EA2C3DD-9ADE-4089-A358-7866A460BB62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.20:*:*:*:node.js:*:*",
              "matchCriteriaId": "2E197079-35B1-4896-9A6D-29FF88C95338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.21:*:*:*:node.js:*:*",
              "matchCriteriaId": "E6AA3ECC-E3FA-49AF-916F-37691A3BD04A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.22:*:*:*:node.js:*:*",
              "matchCriteriaId": "5D54DA67-239B-4340-85ED-9BD93D19A83A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.23:*:*:*:node.js:*:*",
              "matchCriteriaId": "5381B696-F48C-4763-BF8B-B10CF0134473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.24:*:*:*:node.js:*:*",
              "matchCriteriaId": "9A10EB23-2504-4D98-8D1E-3398D9A386AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.25:*:*:*:node.js:*:*",
              "matchCriteriaId": "88C6CCC3-FA1C-4CA5-896D-0ECFE1C5F3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.26:*:*:*:node.js:*:*",
              "matchCriteriaId": "D5107B7E-0270-44EA-97AD-E186A83FC0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.27:*:*:*:node.js:*:*",
              "matchCriteriaId": "530AE8D8-8D69-4F38-A8A9-78BB6FFEF18E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.28:*:*:*:node.js:*:*",
              "matchCriteriaId": "D1DC1670-DB4B-4B2E-9B86-51B5C143C199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.29:*:*:*:node.js:*:*",
              "matchCriteriaId": "F1877E4D-26D2-4904-8053-D3C4A2A12C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "60F9E180-C44C-4C7A-B05C-1D188061DA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.30:*:*:*:node.js:*:*",
              "matchCriteriaId": "0020AAB4-42B4-4FDA-8980-3BB478B0D933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.31:*:*:*:node.js:*:*",
              "matchCriteriaId": "35EB35EF-46C4-4A75-B8E6-7C29C776D5C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.32:*:*:*:node.js:*:*",
              "matchCriteriaId": "6C59AEF9-1C8C-41C0-8786-55CB41AA1829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.33:*:*:*:node.js:*:*",
              "matchCriteriaId": "6EA1686D-E53A-4C35-8743-09FF7F2C6795",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.34:*:*:*:node.js:*:*",
              "matchCriteriaId": "0897894F-2D60-4E27-827C-ACBA6E30FABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.35:*:*:*:node.js:*:*",
              "matchCriteriaId": "2FB28994-3EB1-4857-B2F1-6210D61A61D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.36:*:*:*:node.js:*:*",
              "matchCriteriaId": "137F6EAA-831A-42C0-B003-FB4F583D7279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.37:*:*:*:node.js:*:*",
              "matchCriteriaId": "E41A87FE-1651-4A7A-8E32-2B20D69F5593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.38:*:*:*:node.js:*:*",
              "matchCriteriaId": "D791B7C0-E3E7-4BE4-A691-8398263CC901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.39:*:*:*:node.js:*:*",
              "matchCriteriaId": "177C31B7-05D9-4690-897A-2FDBC406AB0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "8FD4CC16-C0F6-4C05-970D-B54E84A8C7FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.40:*:*:*:node.js:*:*",
              "matchCriteriaId": "2F1B8B29-DFAD-4634-AC12-C1DFF2FBA5C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.41:*:*:*:node.js:*:*",
              "matchCriteriaId": "57FB28C9-5DE8-4D09-9BDE-FFFBD7516F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.42:*:*:*:node.js:*:*",
              "matchCriteriaId": "8589D874-D29D-4583-A1DA-59D8F39027A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.43:*:*:*:node.js:*:*",
              "matchCriteriaId": "13A8384B-B775-41C9-96F5-20186B6D82BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "2948F800-5515-4729-A82D-2DACA81BA2DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "1A253A5D-C7DB-4B64-A77A-D03FEFBDC8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "1DECD32E-1F70-4AA0-9AA7-8E25CDC611C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.8:*:*:*:node.js:*:*",
              "matchCriteriaId": "7D1B3EF0-F7E5-46E4-8741-B234A4389137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.9:*:*:*:node.js:*:*",
              "matchCriteriaId": "C694360B-3347-4F9F-A621-080C0EAC4DAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.4.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "49AA820D-E082-47D2-803D-6B54476C0203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.4.1:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "85F7BCC9-C07E-41ED-B172-2FBE6EC25281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.4.1:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "5148D58F-AB4C-46F0-8BD0-0F67E908D268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "487A1716-0D40-44A0-9F38-5FE7CA8EB7BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "52BF57A4-CA0D-4573-AD58-6E2572A7F6C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "31B0DA15-56F5-4CAF-B143-BFCF15B9FC8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "42263CAA-72DA-4B09-81B7-6E25DDF9FF85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "A72FAF71-B360-4CAD-8369-22FA7203059E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "3A15C600-A7E7-43BA-85A5-33EF4A580BC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "E0FF7351-1107-4C32-A33B-A72929B8B08A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "BC47F04B-0CAB-4F59-AD13-098E01F33ABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "8A0BEBE6-165D-4E02-84FB-0CE15101B7E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "E50D6B9B-1480-4FFC-A5E1-0AC266B5505D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "63696822-C9C4-4094-B2A6-CD3026748EB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "2694A32A-009C-4189-849B-2388D53B0276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "FDF833EE-1D53-49EE-8FE5-2D8E56F66AE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "2458B177-3461-425A-89AA-13866FE27028",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (POST `/apps/:appId/agent`) has multiple security vulnerabilities that, when chained, allow unauthenticated remote attackers to perform arbitrary read and write operations against any connected Parse Server database using the master key. The agent feature is opt-in; dashboards without an agent config are not affected. The fix in version 9.0.0-alpha.8 adds authentication, CSRF validation, and per-app authorization middleware to the agent endpoint. Read-only users are restricted to the `readOnlyMasterKey` with write permissions stripped server-side. A cache key collision between master key and read-only master key was also corrected. As a workaround, remove or comment out the agent configuration block from your Parse Dashboard configuration."
    },
    {
      "lang": "es",
      "value": "Parse Dashboard es un panel de control independiente para gestionar aplicaciones de Parse Server. En las versiones 7.3.0-alpha.42 hasta la 9.0.0-alpha.7, el endpoint de la API del Agente de IA (POST `/apps/:appId/agent`) tiene m\u00faltiples vulnerabilidades de seguridad que, cuando se encadenan, permiten a atacantes remotos no autenticados realizar operaciones arbitrarias de lectura y escritura contra cualquier base de datos de Parse Server conectada utilizando la clave maestra. La caracter\u00edstica del agente es opcional; los paneles de control sin una configuraci\u00f3n de agente no se ven afectados. La correcci\u00f3n en la versi\u00f3n 9.0.0-alpha.8 a\u00f1ade autenticaci\u00f3n, validaci\u00f3n de CSRF y middleware de autorizaci\u00f3n por aplicaci\u00f3n al endpoint del agente. Los usuarios de solo lectura est\u00e1n restringidos a la `readOnlyMasterKey` con los permisos de escritura eliminados en el lado del servidor. Tambi\u00e9n se corrigi\u00f3 una colisi\u00f3n de clave de cach\u00e9 entre la clave maestra y la clave maestra de solo lectura. Como soluci\u00f3n alternativa, elimine o comente el bloque de configuraci\u00f3n del agente de su configuraci\u00f3n de Parse Dashboard."
    }
  ],
  "id": "CVE-2026-27595",
  "lastModified": "2026-02-27T19:18:14.857",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 9.9,
          "baseSeverity": "CRITICAL",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-25T03:16:04.437",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-qwc3-h9mg-4582"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

CVE-2026-27595 (GCVE-0-2026-27595)

Vulnerability from cvelistv5 – Published: 2026-02-25 02:21 – Updated: 2026-02-27 17:14

Title

Parse Dashboard has incomplete authentication on AI Agent endpoint

Summary

Severity ?

9.9 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

CWE

CWE-306 - Missing Authentication for Critical Function

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	parse-community	parse-dashboard	Affected: >= 7.3.0-alpha.42, < 9.0.0-alpha.8

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2026-27595

CVE-2026-27595 (GCVE-0-2026-27595)

Tags

Sightings

Nomenclature