Vulnerability-Lookup

FKIE_CVE-2026-27609

Vulnerability from fkie_nvd - Published: 2026-02-25 03:16 - Updated: 2026-02-27 19:16

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Summary

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submits requests to the agent endpoint using the victim's session. The fix in version 9.0.0-alpha.8 adds CSRF middleware to the agent endpoint and embeds a CSRF token in the dashboard page. As a workaround, remove the `agent` configuration block from your dashboard configuration. Dashboards without an `agent` config are not affected.

References

	URL	Tags
	security-advisories@github.com	https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8	Release Notes
	security-advisories@github.com	https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-3534-xp88-25rc	Vendor Advisory

Impacted products

Vendor	Product	Version
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0-alpha.42
parseplatform	parse_dashboard	7.4.0
parseplatform	parse_dashboard	7.4.0
parseplatform	parse_dashboard	7.4.0
parseplatform	parse_dashboard	7.4.0
parseplatform	parse_dashboard	7.4.0
parseplatform	parse_dashboard	7.5.0
parseplatform	parse_dashboard	7.5.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.1
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.4.0
parseplatform	parse_dashboard	8.4.1
parseplatform	parse_dashboard	8.4.1
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.42:*:*:*:node.js:*:*",
              "matchCriteriaId": "D4744D8A-C870-492A-AD66-D6CB083CD7A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.43:*:*:*:node.js:*:*",
              "matchCriteriaId": "23F5E70B-99F7-46FE-A13B-D2B9B9BFDF05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.44:*:*:*:node.js:*:*",
              "matchCriteriaId": "6F3FE9CD-0F0B-4AB8-BB42-04B23C1DEF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "1F87B033-9ADD-4DBB-BC6C-A3EBE7502CF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "F5263840-349D-42E1-BAB1-AB6826B588B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "640870FE-F70F-401D-A749-3CD0EF66A436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.8:*:*:*:node.js:*:*",
              "matchCriteriaId": "64F0B732-1E46-4B86-BDC0-4F1025989DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.9:*:*:*:node.js:*:*",
              "matchCriteriaId": "3427EA35-6D06-4D44-B4E0-63F36908D506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0-alpha.42:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "E4D5D9AC-B261-46D7-83E1-B10E3C02C2D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "87F8BED8-AA0B-4BB4-817A-ECF3581DB66B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "306508B1-2E2A-4A76-A67C-1F8A15D5EC7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "AA055428-E398-4766-9C08-66D2113CE7EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "9CC5FAB0-7046-40B0-842D-138BD8CC8B28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "AF1A1FFC-9FE6-4596-9377-8A410517748D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.5.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "638E5B8B-F2F1-47AC-AD0D-7AD7835CB6CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.5.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "8AC5C34F-1B61-4A65-811E-5CC7DBFF4FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "F95EFF10-2977-4330-B2AB-9E0A1038AB6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.10:*:*:*:node.js:*:*",
              "matchCriteriaId": "8A3B3D71-CD51-41C4-A756-F741FC9A17AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.11:*:*:*:node.js:*:*",
              "matchCriteriaId": "46A42216-C604-4CFF-A7D5-0E2EBB253F70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.12:*:*:*:node.js:*:*",
              "matchCriteriaId": "233F7D1F-C707-45D6-BF37-EF196A1CA655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.13:*:*:*:node.js:*:*",
              "matchCriteriaId": "27EBFA6E-9582-49F4-A62D-B9B39F873D5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "4D211D67-C766-4FE0-A050-688DCC4E4137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "CC066843-6A98-4B8B-B679-D8A229D0F1CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "35336E10-BC3C-4B0E-9AF0-66B44A7EEF53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "19F7A05A-4E95-4637-B4E9-23CB9A4C2E24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "9D5A6432-BA21-4AE7-A6D3-5B711B961B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "28C73478-4D60-48A2-8A43-9005B222792C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.8:*:*:*:node.js:*:*",
              "matchCriteriaId": "F01C2CA5-BB6D-465F-9B3E-D9DCC04DAF53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.9:*:*:*:node.js:*:*",
              "matchCriteriaId": "EAF9B9F4-B53F-4A07-B99D-C61FEDD09C3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "799C425B-06A3-4E3E-AC7F-67B7DE9974B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "635D4195-A97E-4536-9C69-C5E3EC3D206C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "76266618-3291-42B8-ABF9-3161C9A2A335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "798C040F-8F99-4460-B37D-335DF063442B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "B7C33A71-E752-43D4-A164-740750ABD096",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "F580DE3E-263A-4503-8B06-08C5FF1AC4A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "E4B5D579-9F10-4EE2-975C-760D7945C781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.10:*:*:*:node.js:*:*",
              "matchCriteriaId": "F2B34014-7733-4630-9AEA-85433E95F9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.11:*:*:*:node.js:*:*",
              "matchCriteriaId": "10BBA4C5-F9BB-4D5A-A1BE-EC99FFEA2D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.12:*:*:*:node.js:*:*",
              "matchCriteriaId": "C14764E6-2751-4507-8FBF-ABBB95B73C49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.13:*:*:*:node.js:*:*",
              "matchCriteriaId": "EA5558A0-D654-47AF-A661-21B15CC5374D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "ACD4CD5D-B16D-4C15-8055-A6EE5C96F389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "77E011B6-E73B-4CD7-AED3-E8F293907769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "DF030EED-A04A-4294-89BE-D67981373CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "5C610597-192B-436C-B773-3578EE1135EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "596F09DA-7A82-4A49-BA5F-A3457D5D1895",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "AC8D2A19-26A2-43EA-874D-0AECECF38F0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.8:*:*:*:node.js:*:*",
              "matchCriteriaId": "61E484CB-FE4E-446A-9E4A-7D7FBB90D5A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.9:*:*:*:node.js:*:*",
              "matchCriteriaId": "EEFB299E-5AE8-4BC7-AE41-9861C3C6E5D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.1:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "F2BAFB77-61AB-4590-91A5-E6006CCFD60F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "250C3970-411A-45CA-A0F1-3336979795D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.10:*:*:*:node.js:*:*",
              "matchCriteriaId": "DE488750-1330-43A2-97DE-3D3BF1E808EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.11:*:*:*:node.js:*:*",
              "matchCriteriaId": "E95F30F2-0AC8-4A22-AA66-DB80325EBA75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.12:*:*:*:node.js:*:*",
              "matchCriteriaId": "AE191589-6E7C-4634-A9D8-1B1E7F8343DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.13:*:*:*:node.js:*:*",
              "matchCriteriaId": "860229EC-16ED-439A-A34E-5D3F85FFDCC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.14:*:*:*:node.js:*:*",
              "matchCriteriaId": "E4F3001C-E518-479B-8A57-E34FFFAA4FA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.15:*:*:*:node.js:*:*",
              "matchCriteriaId": "A73F6299-1A0C-4A73-89C8-48885E11F65C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.16:*:*:*:node.js:*:*",
              "matchCriteriaId": "C71D6779-24D2-4AF0-BEF1-FE99BC95BB26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.17:*:*:*:node.js:*:*",
              "matchCriteriaId": "EC64EC9A-F109-4BBE-935A-CFD7DC8DB2C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.18:*:*:*:node.js:*:*",
              "matchCriteriaId": "6F2CDBCA-5552-42BE-8DC8-4741679971D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.19:*:*:*:node.js:*:*",
              "matchCriteriaId": "80D51A30-78E8-40DE-809D-9FF619A23158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "C1791CCB-E96B-465C-B57B-C7B97A437642",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.20:*:*:*:node.js:*:*",
              "matchCriteriaId": "DA617937-2E8B-4955-BD27-65C3CC4013B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.21:*:*:*:node.js:*:*",
              "matchCriteriaId": "1307D569-70FD-4253-A14C-29F3CDA35EF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.22:*:*:*:node.js:*:*",
              "matchCriteriaId": "DFA69B19-9A2C-40F9-88F4-B43389B6A56D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.23:*:*:*:node.js:*:*",
              "matchCriteriaId": "FBC724FF-FDE9-440B-8CC2-AF210114CF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.24:*:*:*:node.js:*:*",
              "matchCriteriaId": "BA0E1A98-C42C-43BC-B409-25F033677BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.25:*:*:*:node.js:*:*",
              "matchCriteriaId": "1133B673-D917-4919-9F6B-A11E9C86BCAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.26:*:*:*:node.js:*:*",
              "matchCriteriaId": "EC9747A1-F2E5-4973-B56C-B6E0A42024BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.27:*:*:*:node.js:*:*",
              "matchCriteriaId": "91951F15-C571-42C1-897A-B3D3C2B70A51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "1292ACFD-4CA4-4F7E-B7DB-8B3CA85C5B84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "2C6E2816-60F8-4297-B3C7-3EFA2C3BDD1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "2A7E1989-6E7F-4700-B779-7E39CB695E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "EC4E8293-59A7-4F47-B2F5-2F950B93E16A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "BBA14C23-4DBF-47C8-8FB3-9233C54247BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.8:*:*:*:node.js:*:*",
              "matchCriteriaId": "DE07DB4E-85AB-4495-B81D-2478E1CD0FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.9:*:*:*:node.js:*:*",
              "matchCriteriaId": "F4260AB5-24D7-4D6C-B55F-3129BDDBEF8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "7A4300AF-10D6-4E09-B6DF-B28144F8E024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.10:*:*:*:node.js:*:*",
              "matchCriteriaId": "C11B2FEB-7617-49DA-AB18-CA2F37367480",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.11:*:*:*:node.js:*:*",
              "matchCriteriaId": "B606D916-B540-465A-946B-2FEBF2850916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.12:*:*:*:node.js:*:*",
              "matchCriteriaId": "FCE2860A-1826-4A8B-A66F-D11733F9103D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.13:*:*:*:node.js:*:*",
              "matchCriteriaId": "E84297DB-5816-4FA5-8696-204CAF1BEF6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.14:*:*:*:node.js:*:*",
              "matchCriteriaId": "C9219C64-059A-4A3E-8836-AAD56D40CEEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.15:*:*:*:node.js:*:*",
              "matchCriteriaId": "57353E36-EFA9-402B-AFF5-AFADACCEE6E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.16:*:*:*:node.js:*:*",
              "matchCriteriaId": "57CFDD8F-7705-43EC-938C-100A750BF6A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.17:*:*:*:node.js:*:*",
              "matchCriteriaId": "9330CE70-6112-4194-81FF-B58A073447EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.18:*:*:*:node.js:*:*",
              "matchCriteriaId": "D6EC7E97-76CE-4749-BDF9-409C3C5D5836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.19:*:*:*:node.js:*:*",
              "matchCriteriaId": "A555D06A-B5B1-4ADB-B920-F7509691DC07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "7EA2C3DD-9ADE-4089-A358-7866A460BB62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.20:*:*:*:node.js:*:*",
              "matchCriteriaId": "2E197079-35B1-4896-9A6D-29FF88C95338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.21:*:*:*:node.js:*:*",
              "matchCriteriaId": "E6AA3ECC-E3FA-49AF-916F-37691A3BD04A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.22:*:*:*:node.js:*:*",
              "matchCriteriaId": "5D54DA67-239B-4340-85ED-9BD93D19A83A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.23:*:*:*:node.js:*:*",
              "matchCriteriaId": "5381B696-F48C-4763-BF8B-B10CF0134473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.24:*:*:*:node.js:*:*",
              "matchCriteriaId": "9A10EB23-2504-4D98-8D1E-3398D9A386AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.25:*:*:*:node.js:*:*",
              "matchCriteriaId": "88C6CCC3-FA1C-4CA5-896D-0ECFE1C5F3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.26:*:*:*:node.js:*:*",
              "matchCriteriaId": "D5107B7E-0270-44EA-97AD-E186A83FC0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.27:*:*:*:node.js:*:*",
              "matchCriteriaId": "530AE8D8-8D69-4F38-A8A9-78BB6FFEF18E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.28:*:*:*:node.js:*:*",
              "matchCriteriaId": "D1DC1670-DB4B-4B2E-9B86-51B5C143C199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.29:*:*:*:node.js:*:*",
              "matchCriteriaId": "F1877E4D-26D2-4904-8053-D3C4A2A12C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "60F9E180-C44C-4C7A-B05C-1D188061DA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.30:*:*:*:node.js:*:*",
              "matchCriteriaId": "0020AAB4-42B4-4FDA-8980-3BB478B0D933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.31:*:*:*:node.js:*:*",
              "matchCriteriaId": "35EB35EF-46C4-4A75-B8E6-7C29C776D5C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.32:*:*:*:node.js:*:*",
              "matchCriteriaId": "6C59AEF9-1C8C-41C0-8786-55CB41AA1829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.33:*:*:*:node.js:*:*",
              "matchCriteriaId": "6EA1686D-E53A-4C35-8743-09FF7F2C6795",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.34:*:*:*:node.js:*:*",
              "matchCriteriaId": "0897894F-2D60-4E27-827C-ACBA6E30FABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.35:*:*:*:node.js:*:*",
              "matchCriteriaId": "2FB28994-3EB1-4857-B2F1-6210D61A61D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.36:*:*:*:node.js:*:*",
              "matchCriteriaId": "137F6EAA-831A-42C0-B003-FB4F583D7279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.37:*:*:*:node.js:*:*",
              "matchCriteriaId": "E41A87FE-1651-4A7A-8E32-2B20D69F5593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.38:*:*:*:node.js:*:*",
              "matchCriteriaId": "D791B7C0-E3E7-4BE4-A691-8398263CC901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.39:*:*:*:node.js:*:*",
              "matchCriteriaId": "177C31B7-05D9-4690-897A-2FDBC406AB0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "8FD4CC16-C0F6-4C05-970D-B54E84A8C7FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.40:*:*:*:node.js:*:*",
              "matchCriteriaId": "2F1B8B29-DFAD-4634-AC12-C1DFF2FBA5C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.41:*:*:*:node.js:*:*",
              "matchCriteriaId": "57FB28C9-5DE8-4D09-9BDE-FFFBD7516F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.42:*:*:*:node.js:*:*",
              "matchCriteriaId": "8589D874-D29D-4583-A1DA-59D8F39027A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.43:*:*:*:node.js:*:*",
              "matchCriteriaId": "13A8384B-B775-41C9-96F5-20186B6D82BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "2948F800-5515-4729-A82D-2DACA81BA2DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "1A253A5D-C7DB-4B64-A77A-D03FEFBDC8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "1DECD32E-1F70-4AA0-9AA7-8E25CDC611C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.8:*:*:*:node.js:*:*",
              "matchCriteriaId": "7D1B3EF0-F7E5-46E4-8741-B234A4389137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.9:*:*:*:node.js:*:*",
              "matchCriteriaId": "C694360B-3347-4F9F-A621-080C0EAC4DAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.4.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "49AA820D-E082-47D2-803D-6B54476C0203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.4.1:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "85F7BCC9-C07E-41ED-B172-2FBE6EC25281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.4.1:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "5148D58F-AB4C-46F0-8BD0-0F67E908D268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "487A1716-0D40-44A0-9F38-5FE7CA8EB7BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "52BF57A4-CA0D-4573-AD58-6E2572A7F6C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "31B0DA15-56F5-4CAF-B143-BFCF15B9FC8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "42263CAA-72DA-4B09-81B7-6E25DDF9FF85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "A72FAF71-B360-4CAD-8369-22FA7203059E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "3A15C600-A7E7-43BA-85A5-33EF4A580BC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "E0FF7351-1107-4C32-A33B-A72929B8B08A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "BC47F04B-0CAB-4F59-AD13-098E01F33ABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "8A0BEBE6-165D-4E02-84FB-0CE15101B7E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "E50D6B9B-1480-4FFC-A5E1-0AC266B5505D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "63696822-C9C4-4094-B2A6-CD3026748EB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "2694A32A-009C-4189-849B-2388D53B0276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "FDF833EE-1D53-49EE-8FE5-2D8E56F66AE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "2458B177-3461-425A-89AA-13866FE27028",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submits requests to the agent endpoint using the victim\u0027s session. The fix in version 9.0.0-alpha.8 adds CSRF middleware to the agent endpoint and embeds a CSRF token in the dashboard page. As a workaround, remove the `agent` configuration block from your dashboard configuration. Dashboards without an `agent` config are not affected."
    },
    {
      "lang": "es",
      "value": "Parse Dashboard es un panel de control independiente para gestionar aplicaciones de Parse Server. En las versiones 7.3.0-alpha.42 hasta la 9.0.0-alpha.7, el endpoint de la API del Agente de IA (\u0027POST /apps/:appId/agent\u0027) carece de protecci\u00f3n CSRF. Un atacante puede crear una p\u00e1gina maliciosa que, al ser visitada por un usuario autenticado del panel de control, env\u00eda solicitudes al endpoint del agente utilizando la sesi\u00f3n de la v\u00edctima. La correcci\u00f3n en la versi\u00f3n 9.0.0-alpha.8 a\u00f1ade middleware CSRF al endpoint del agente e incrusta un token CSRF en la p\u00e1gina del panel de control. Como soluci\u00f3n alternativa, elimine el bloque de configuraci\u00f3n \u0027agent\u0027 de su configuraci\u00f3n del panel de control. Los paneles de control sin una configuraci\u00f3n \u0027agent\u0027 no se ven afectados."
    }
  ],
  "id": "CVE-2026-27609",
  "lastModified": "2026-02-27T19:16:34.293",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "PASSIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-25T03:16:05.120",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-3534-xp88-25rc"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

CVE-2026-27609 (GCVE-0-2026-27609)

Vulnerability from cvelistv5 – Published: 2026-02-25 02:18 – Updated: 2026-02-27 17:24

Title

Parse Dashboard Missing CSRF Protection on Agent Endpoint

Summary

Severity ?

8.3 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N

CWE

CWE-352 - Cross-Site Request Forgery (CSRF)

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	parse-community	parse-dashboard	Affected: >= 7.3.0-alpha.42, < 9.0.0-alpha.8

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2026-27609

CVE-2026-27609 (GCVE-0-2026-27609)

Tags

Sightings

Nomenclature